oss-sec mailing list archives
Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID
From: Solar Designer <solar () openwall com>
Date: Wed, 22 May 2019 21:41:21 +0200
On Thu, Apr 18, 2019 at 09:40:54AM -0400, Vladis Dronov wrote:
Just in another case - this flaw in a.out binaries has got the CVE-2019-11191: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191
Dongguangdong of Huawei PSIRT discovered and reported to linux-distros on May 6 that this additionally affects flat binaries, binfmt_flat.c. Since we're now past linux-distros' 14 days max embargo period and since Dongguangdong failed to bring this in here on time, I felt I had to take over and post the above now. Personally, I find this a very minor detail, but I like (linux-)distros policy to be adhered to without exceptions. Alexander
Current thread:
- Linux kernel < 4.8 local generic ASLR bypass for setuid binaries Federico Manuel Bento (Apr 03)
- Re: Linux kernel < 4.8 local generic ASLR - CVE-ID Vladis Dronov (Apr 15)
- Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Vladis Dronov (Apr 18)
- Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Solar Designer (May 22)
- Re: Linux kernel < 4.8 local generic ASLR - another CVE-ID Vladis Dronov (Apr 18)
- Re: Linux kernel < 4.8 local generic ASLR - CVE-ID Vladis Dronov (Apr 15)