oss-sec mailing list archives
CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver
From: Tyler Hicks <tyhicks () canonical com>
Date: Wed, 2 Mar 2016 17:55:48 -0600
Colin Ian King discovered a kernel memory leak in the CUSE driver using stress-ng. A local denial of service, via memory exhaustion, is possible if the attacker has sufficient privileges to repeatedly open /dev/cuse for reading. In Ubuntu, /dev/cuse is only readable by root so this flaw was deemed to have a very low impact. I'm unsure of the default permissions in other distributions. CVE-2015-1339 was assigned to the issue. Introduced in 4.2: https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56 Fixed in 4.4: https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c Tyler
Attachment:
signature.asc
Description:
Current thread:
- CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver Tyler Hicks (Mar 02)