Message-ID: <CAG48ez0_BFmrhW_JaKFSNz0tH3U+vmVnsA_1NaZcbCsYHURiHw@mail.gmail.com>
Date: Mon, 9 May 2016 10:53:39 -0700
From: Jann Horn <jannh@...gle.com>
To: oss-security@...ts.openwall.com
Cc: carnil@...ian.org, cve-assign@...re.org
Subject: Re: Re: CVE Requests: Linux: BPF flaws (one
 use-after-free / local root privilege escalation)

On Fri, May 6, 2016 at 8:40 AM,  <cve-assign@...re.org> wrote:
>> bpf: fix check_map_func_compatibility logic
>> https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca
>>
>> Not sure though if the later one has a security impact.
>
> We have not yet assigned a CVE ID to
> 6aff67c85c9e5a4bc99e5211c1bac547936626ca in case someone else wants to
> provide additional information.

I'm the original reporter of that bug. As far as I can tell, its
impact is low - you could use it to:

 - obtain the ability to execute BPF programs that are owned by other processes
 - perhaps cause a NULL dereference in an exiting task if the BPF program is
   executed in softirq context after exit_files() has nulled tsk->files
