oss-sec mailing list archives
Re: 2.6.25.10 security fixes, please assign CVE id
From: Eugene Teo <eteo () redhat com>
Date: Tue, 08 Jul 2008 18:13:04 +0800
Marcus Meissner wrote:
http://lwn.net/Articles/288473/Stable kernel 2.6.25.10 Posted Jul 3, 2008 15:34 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]
[...]
2. http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=1e9a615bfce7996ea4d815d45d364b47ac6a74e8 is an even better one, it allows one to overflow the task struct refcount (a 32 bit atomic_t on the affected amd64) and cause its subsequent freeing with dangling references to it all over the place (including 'current' of the ptraced task itself). corresponding exploit avenues abound.I don't know if this one has a CVE yet.
I'm cc'ing Steve just to make sure that this gets a CVE id. Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- 2.6.25.10 security fixes, please assign CVE id Marcus Meissner (Jul 03)
- Re: 2.6.25.10 security fixes, please assign CVE id Eugene Teo (Jul 08)
- Re: 2.6.25.10 security fixes, please assign CVE id Steven M. Christey (Jul 08)