oss-sec mailing list archives

Re: 2.6.25.10 security fixes, please assign CVE id

From: Eugene Teo <eteo () redhat com>
Date: Tue, 08 Jul 2008 18:13:04 +0800

Marcus Meissner wrote:

http://lwn.net/Articles/288473/

Stable kernel 2.6.25.10
Posted Jul 3, 2008 15:34 UTC (Thu) by PaXTeam (subscriber, #24616) [Link]

[...]

2.
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git;a=commitdiff;h=1e9a615bfce7996ea4d815d45d364b47ac6a74e8
is an even better one, it allows one to overflow the task struct refcount (a 32 bit atomic_t
on the affected amd64) and cause its subsequent freeing with dangling references to it all
over the place (including 'current' of the ptraced task itself). corresponding exploit avenues
abound.


I don't know if this one has a CVE yet.


I'm cc'ing Steve just to make sure that this gets a CVE id.

Thanks,
Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Current thread:

2.6.25.10 security fixes, please assign CVE id Marcus Meissner (Jul 03)
- Re: 2.6.25.10 security fixes, please assign CVE id Eugene Teo (Jul 08)
- Re: 2.6.25.10 security fixes, please assign CVE id Steven M. Christey (Jul 08)