oss-sec mailing list archives

Re: Status of two Linux kernel issues w/o CVE assignments


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 23 Dec 2011 13:52:24 -0700

On 12/22/2011 09:44 AM, Moritz Muehlenhoff wrote:
Hi,
there were two Linux-related CVE requests/discussions, which
didn't end up in an assignment:

1: rose: Add length checks to CALL_REQUEST parsing
e0bccd315db0c2f919e7fcf9cb60db21d9986f52 in mainline

It was decided that this should be split, but without a final
resulting CVE assignment:
http://www.openwall.com/lists/oss-security/2011/04/12/1

Can anyone shed more light on this for me? (links to fixes/etc.?).

2: /proc/$PID/{sched,schedstat} information leak
Vasiliy Kulikov of OpenWall posted a demo exploit.
http://openwall.com/lists/oss-security/2011/11/05/3

AFAICS no CVE ID was assigned to this?

I believe we are not assigning CVEs for these types of proc related issues; some discussion was had:

https://lkml.org/lkml/2011/2/7/368

http://www.google.com/custom?domains=lkml.org&q=%2Fproc%2F+leaks

but I'm not sure what the outcome is. CC'ing Eugene Teo.


Cheers,
         Moritz

--

-Kurt Seifried / Red Hat Security Response Team

