oss-sec mailing list archives
A security vulnerability in linux kernel 5.8.10
From: Anthony Liguori <aliguori () amazon com>
Date: Wed, 6 Jan 2021 11:59:28 -0800
The following message was sent to the distros@ list. Unfortunate the sender was not responsive and it's unclear if it's actually an issue. The report overall did not follow the policies of the list with the information provided. Per the distros list policy, we've past the 14 day mark and even with a little extra time due to the holiday, this needs to be made public. Posting follows below. Regards, Anthony Liguori Subject: A security vulnerability in linux kernel 5.8.10 To: security () kernel org Cc: linux-distros () vs openwall org Date: Fri, 18 Dec 2020 16:53:59 +0800 ¢þË: 梵 <luolikang () nsfocus com> ¢Íʱä: 2020ê12Â18Õ 13:23 Õ¼È: 'security () kernel org' <security () kernel org> ÷â: change the poc Sorry , please use this poc ¢þË: 梵 <luolikang () nsfocus com <mailto:luolikang () nsfocus com> > ¢Íʱä: 2020ê12Â18Õ 11:46 Õ¼È: 'security () kernel org' <security () kernel org <mailto:security () kernel org> > ÷â: A security vulnerability in linux kernel 5.8.10 Hello, I have found a security vulnerability in linux kernel 5.8.10. When I use the DCCP protocol to establish a connection, the kernel will crash. My analysis are followed: When call the ___slab_alloc function, it will enter the new_slab branch, and the new_slab_objects will return a normal freelist, but in alloc_debug_processing, it will change the second object ptr in freelist to an invalid address,and then cause dos.
Current thread:
- A security vulnerability in linux kernel 5.8.10 Anthony Liguori (Jan 06)