oss-sec mailing list archives

CVE request - Linux kernel: evm: NULL pointer de-reference flaw


From: P J P <ppandit () redhat com>
Date: Thu, 21 Feb 2013 00:39:10 +0530 (IST)

  Hello,

A Linux kernel built with the Extended Verification Module (EVM) and configured properly is vulnerable to a NULL pointer de-reference flaw, caused by accessing the extended attribute routines of a sockfs inode object.

An unprivileged user/program could use this to crash the kernel, resulting in DoS.

Upstream fix:
 -> https://git.kernel.org/linus/a67adb997419fb53540d4a4f79c6471c60bc69b6

Reference:
 -> https://bugzilla.redhat.com/show_bug.cgi?id=913266

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

