oss-sec mailing list archives
RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open
From: "Mehaffey, John" <John_Mehaffey () mentor com>
Date: Fri, 13 Mar 2015 20:17:21 +0000
Hi Greg, To me, it is more of an issue of tracking products which were designed and sold in the vulnerable timeframe, and may still embed these flaws. Most of the embedded market may not be vulnerable to this attack for other reasons, but a CVE would help to track it for the exceptions. A GENIVI head unit that uses logins to implement the IVI user concept comes to mind. Sincerely, John Mehaffey Linux System Architect Mentor Graphics ________________________________________ From: P J P [ppandit () redhat com] Sent: Friday, March 13, 2015 11:00 AM To: oss security list Subject: [oss-security] CVE request: Linux kernel: tty: kobject reference leakage in tty_open -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Linux kernel built with the virtual console support(CONFIG_VT) is vulnerable to a NULL pointer dereference issue. It could occur while accessing pseudo terminal device(/dev/pts/*) files. An unprivileged user could use this flaw to crash the system kernel resulting in DoS. Upstream fix: - ------------- -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376 Thank you. - -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVAyW3AAoJEN0TPTL+WwQfOCAP/3z7CRPQj4glHgVFdkxuzk1/ xlXwJJTRYlVDWe2F/lCbeP+jzQne37MzVl8Qma4OA2iAuySsRUQvjkc/6mMB6j+6 9LVg0XV6hlZl0oFmxcWbQlNQLuhJsHOPja863aNvKoDZbh6mVIGi98BOaBjeMQUd Y81pGh5+BFYVk6hhcWPA2Zxok/MW+HN/JjvDqQReILsL5ApqRAxw0EBmZ3YpWBYL oxdRUT2FoRTKB5FFEgm6KAQdTSc9iqnH/QUTE4/s5wMCy20lb6j9bIk7pKkE6VmA XLwtioC/ttNR/Npe2kPXHm3KG4MH8Uftjd3IYdtJeJ7vjjgmPY3jAZZm/dBECWRZ Q9waGh9k8t6pEhaCz4jql21m1uoHLritnrLuAz56dOfh3R6TS46QEKqf7IgaqZ41 psgQQKmX3gy9lyWoWdcWYgCvg5QJaW2lVotTTbCbSs/qfNmqJo2nMzTVL5UxTYic Adj0Y3KvrkIbAjEdyaNmwOMqH2pq8LUb87wDlD4DD7pRzZDFV6vzXA7wL5Za7VOr S8t3VvFfsMPUW+Y2zTdahWiGkgiQXxmFhaOC9KeSWFmgpxDQjJSPtdFdlRdu6gtX 9ZXd7JSkwcFPujAFJ4SHI67ilo1rnqh3n6HZqOtaKTQCn6L7Mnn3ht/vumkxQpbF qjvQJOX+4OcFRe025MOM =ZQtV -----END PGP SIGNATURE-----
Current thread:
- CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Kurt Seifried (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open P J P (Mar 16)
- RE: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Mehaffey, John (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open cve-assign (Mar 13)
- Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open Greg KH (Mar 13)