oss-sec mailing list archives
Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open
From: Greg KH <greg () kroah com>
Date: Fri, 13 Mar 2015 20:46:39 +0100
On Fri, Mar 13, 2015 at 11:30:23PM +0530, P J P wrote:
Hello, Linux kernel built with the virtual console support(CONFIG_VT) is vulnerable to a NULL pointer dereference issue. It could occur while accessing pseudo terminal device(/dev/pts/*) files. An unprivileged user could use this flaw to crash the system kernel resulting in DoS. Upstream fix: ------------- -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376
Digging up patches from 2011? Why? It should have long-ago been backported to all relevant kernel releases from any company that has a kernel that is still supported today that is older than the 3.2 release and newer than 2.6.28. And if you are a company that is ignoring stable kernel patches for their old kernel releases, well, that's just not very wise :) What does asking for a CVE for such an old issue help with? thanks, greg k-h
Current thread:
- CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Kurt Seifried (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 16)
- RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Mehaffey, John (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open cve-assign (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)