oss-sec mailing list archives

Re: CVE Request: linux kernel perf out-of-bounds access

From: Michael Gilbert <mgilbert () debian org>
Date: Wed, 15 May 2013 00:02:38 -0400

On Tue, May 14, 2013 at 9:26 PM, Eugene Teo wrote:

On Tue, May 14, 2013 at 8:25 PM, Marc Deslauriers <
marc.deslauriers () canonical com> wrote:

Hello,

Is there a CVE for this? If not, could one be assigned, please?

https://patchwork.kernel.org/patch/2441281/

8176cced706b5e5d15887584150764894e94e02f

(BTW, there is currently an exploit for this going around...)


Nowhere did it say it is a security fix. Fix available since April 13.
s@kois not aware too. Awesome.

Seriously, surely by now we should all know that silent fixes are not the
wisest thing to do.


An iceberg of evidence is clearly not enough to change this ship's course.

Best wishes,
Mike

Current thread:

CVE Request: linux kernel perf out-of-bounds access Marc Deslauriers (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Raphael Geissert (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Petr Matousek (May 14)
- Re: CVE Request: linux kernel perf out-of-bounds access Eugene Teo (May 14)
  - Re: CVE Request: linux kernel perf out-of-bounds access Michael Gilbert (May 14)
  - Re: CVE Request: linux kernel perf out-of-bounds access Greg KH (May 14)
    - Re: CVE Request: linux kernel perf out-of-bounds access sd (May 14)
    - Re: CVE Request: linux kernel perf out-of-bounds access Kurt Seifried (May 15)