oss-sec mailing list archives
CVE-2009-3547 kernel: fs: pipe.c null pointer dereference
From: Eugene Teo <eugene () redhat com>
Date: Tue, 03 Nov 2009 18:54:05 +0800
* a NULL pointer dereference flaw was found in each of the following functions in the Linux kernel: pipe_read_open(), pipe_write_open(), andpipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could be released by other processes before it is used to update the pipe's reader and writer counters. This could lead to a local denial of service or privilege escalation.
http://lkml.org/lkml/2009/10/14/184 http://lkml.org/lkml/2009/10/21/42 http://git.kernel.org/linus/ad3960243e55320d74195fb85c975e0a8cc4466c https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3547 Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE-2009-3547 kernel: fs: pipe.c null pointer dereference Eugene Teo (Nov 03)