oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2009-3547 kernel: fs: pipe.c null pointer dereference

From: Eugene Teo <eugene () redhat com>
Date: Tue, 03 Nov 2009 18:54:05 +0800
* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation. 

http://lkml.org/lkml/2009/10/14/184
http://lkml.org/lkml/2009/10/21/42
http://git.kernel.org/linus/ad3960243e55320d74195fb85c975e0a8cc4466c
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3547

Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: