oss-sec mailing list archives
Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)
From: rf () q-leap de
Date: Fri, 31 Jan 2014 18:54:17 +0100
"SD" == Solar Designer <solar () openwall com> writes:
SD> On Fri, Jan 31, 2014 at 05:34:05PM +0100, rf () q-leap de wrote: >> >>>>> "SD" == Solar Designer <solar () openwall com> writes: SD> This is CVE-2014-0038 (assigned shortly after Kees sent the SD> message below). >> Are you sure this is the correct CVE? SD> Pretty sure, yes. I am not aware of a reason to think SD> otherwise. SD> It was kindly assigned by Petr Matousek (of Red Hat, even though SD> their products are not affected) on Wed, 29 Jan 2014 10:01:59 SD> +0100. OK, thanks for the fast explanation. >> It was assigned already beginning of Dec. last year. SD> The "assigned" date seen on CVE IDs often indicates when a pool SD> of CVE IDs was created and then assigned to a CNA (Red Hat in SD> this case), not when individual CVE IDs are assigned to actual SD> issues. It is perfectly normal (albeit confusing) for the SD> "assigned" date to be earlier than the vulnerability discovery SD> date. This was discussed in here before: SD> http://www.openwall.com/lists/oss-security/2012/01/23/4 SD> CNAs: SD> http://cve.mitre.org/cve/cna.html Sorry for the repetition, but I wasn't subscribed yet at the time or is this a FAQ?
Current thread:
- Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 30)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kees Cook (Jan 30)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) rf (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Kurt Seifried (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Solar Designer (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) PaX Team (Jan 31)
- Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038) Yves-Alexis Perez (Feb 01)