oss-sec mailing list archives
Re: CVE requests 6x kernel vulns still pending
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 23 Mar 2010 21:12:19 -0400 (EDT)
On Tue, 23 Mar 2010, Eugene Teo wrote:
1) kernel information leak via userspace USB interface
Use CVE-2010-1083 Seems reasonable to skip the secondary issue brought up by Marcus.
2) kernel: ALSA: hda-intel: Avoid divide by zero crash
Use CVE-2010-1085
3) kernel: NFS DoS related to "automount" symlinks
What exactly is the DoS that happens here? Use CVE-2010-1088 (note that this number is out of order)
4) kernel: dvb-core: ULE decapsulation DoS
Use CVE-2010-1086
5) kernel: NFS: Fix an Oops when truncating a file
I assume that nfs_wait_on_request() can be influenced by a non-root user to generate the interrupt that triggers the Ooops?
Use CVE-2010-1087
6) kernel: bluetooth: potential bad memory access with sysfs files
Use CVE-2010-1084 (notice how this number is out of order) All of these will be filled in sometime Wednesday. - Steve
Current thread:
- CVE requests 6x kernel vulns still pending Eugene Teo (Mar 22)
- Re: CVE requests 6x kernel vulns still pending Steven M. Christey (Mar 23)
- Re: CVE requests 6x kernel vulns still pending Eugene Teo (Mar 23)
- Re: CVE requests 6x kernel vulns still pending Steven M. Christey (Mar 23)