Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4574c9ede05943b4bed89cb18f288ac3@imshyb01.MITRE.ORG>
Date: Thu, 19 Jan 2017 16:50:29 -0500
From: <cve-assign@...re.org>
To: <ppandit@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<security@...c.gov.uk>
Subject: Re: CVE request Kernel: kvm: use-after-free issue while creating devices

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM) support
> is vulnerable to a use-after-free flaw. It could occur while creating devices, 
> via ioctl('/dev/kvm', ...) calls.
> 
> A user/process could use this flaw to crash the host kernel resulting in DoS 
> or potentially escalate their privileges on a system.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1414506
> https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61

>> KVM: use after free in kvm_ioctl_create_device()
>> 
>> We should move the ops->destroy(dev) after the list_del(&dev->vm_node)
>> so that we don't use "dev" after freeing it.
>> 
>> virt/kvm/kvm_main.c

Use CVE-2016-10150.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYgTPgAAoJEHb/MwWLVhi2d54P/1HdOI1khdv+N0Xl8/6HEHsI
Fw7DGd9i1o74vbcFSaqkWLLPD1py1bo0Vc2rzYHhuLR9snJ6c+q/Zcrf5JAkCi2R
+pmTznsfb82uTSX69RlQidv6aDHE15kGWh99iKaRmSyl3zx5WynfrmBQwBziUVVi
6yBcnQc5VRC8lyaTh2iLdW/m/fjzBieQKfKTlbdTGc7hkoEWyTvSmxksmTN5cQyU
AbJjID50vjXdKpS7vxQ88LGuy/BWT74V0Nb2lIU7YCqX8nGcnfcTiM0HQM7nOQRb
uX3XrQfzE5OrbotTZmj59+lf5dpsKxeE1RJvpdA33XFgtEoYs6nRZwnBIDtJPL0v
8OMUhPLhSd3aikOPZ2WKTD/vqv1nxjpOo/mMJA5T6PlMi/7+XTYXrHlRd08e5JJc
BM1m6NuvTUoU2DV0ixicAUWRHd2MOx0i+BPubGrZeCYlACjPkI/SoJn8JqjsBvN0
EkX8am20G6RJxTGtplhjnhqGc0ZoT1XBi9fwpmEtFAD8lKI53DLPVzw0Yy2KMlOw
wwW94nMmo0KcXGPDf58aG2j+20cGkgPHaK4vKUaRC2ISsx++MYfRFFREo2wC4dyW
cAs0lb8ka9SFbiLZ6KiHVq3+uXs77HMBRPbT9wrS1z7QGapzB/5f2t46SYX2eCWD
P+hlTEh26mdh5anV0jew
=0y5u
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.