Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <cig3328s95zvj3.fsf@u54e1add816995a33037d.ant.amazon.com>
Date: Wed, 6 Jan 2021 11:59:28 -0800
From: Anthony Liguori <aliguori@...zon.com>
To: <oss-security@...ts.openwall.com>
CC: <security@...nel.org>, <luolikang@...ocus.com>
Subject: A security vulnerability in linux kernel 5.8.10

The following message was sent to the distros@ list.  Unfortunate the
sender was not responsive and it's unclear if it's actually an issue.
The report overall did not follow the policies of the list with the
information provided.

Per the distros list policy, we've past the 14 day mark and even with a
little extra time due to the holiday, this needs to be made public.

Posting follows below.

Regards,

Anthony Liguori

Subject: A security vulnerability in linux kernel 5.8.10
To: security@...nel.org
Cc: linux-distros@...openwall.org
Date: Fri, 18 Dec 2020 16:53:59 +0800

¢þË: 梵 <luolikang@...ocus.com> 
¢Íʱä: 2020ê12Â18Õ 13:23
Õ¼È: 'security@...nel.org' <security@...nel.org>
։: change the poc

Sorry , please use this poc

¢þË: 梵 <luolikang@...ocus.com <mailto:luolikang@...ocus.com> > 
¢Íʱä: 2020ê12Â18Õ 11:46
Õ¼È: 'security@...nel.org' <security@...nel.org
<mailto:security@...nel.org> >
։: A security vulnerability in linux kernel 5.8.10

Hello,
I have found a security vulnerability in linux kernel 5.8.10. When I use the
DCCP protocol to establish a connection, the kernel will crash.

My analysis are followed: When call the  ___slab_alloc function, it will
enter the new_slab branch, and the new_slab_objects will return a normal
freelist, but in  alloc_debug_processing, it will change the second object
ptr in freelist to an invalid address,and then cause dos.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.