oss-sec mailing list archives

Re: CVE request: kernel: perf bug

From: Josh Bressers <bressers () redhat com>
Date: Mon, 15 Nov 2010 12:50:15 -0500 (EST)

----- "Eugene Teo" <eugene () redhat com> wrote:

Upstream commit dab5855 ("perf_counter: Add mmap event hooks to 
mprotect()") is fundamentally wrong as mprotect_fixup() can free 'vma'

due to merging. Fix the problem by moving perf_event_mmap() hook to
mprotect_fixup(). In certain scenario, a local, unprivileged user could
use this flaw to trigger a denial of service.

Upstream commit:
http://git.kernel.org/linus/63bfd7384b119409685a17d5c58f0b56e5dc03da

https://bugzilla.redhat.com/show_bug.cgi?id=651671

PS: I thought I requested a CVE name for this already, but it turns out I
did not.


Please use CVE-2010-4169.

Thanks.

-- 
    JB

Current thread:

CVE request: kernel: perf bug Eugene Teo (Nov 14)
- <Possible follow-ups>
- Re: CVE request: kernel: perf bug Josh Bressers (Nov 15)