oss-sec mailing list archives
CVE request: kernel: OOM-killer via argv expansion
From: Kees Cook <kees () ubuntu com>
Date: Mon, 28 Feb 2011 12:32:55 -0800
Hi, I think the flaw[1] with argv-expansion triggering the OOM-killer incorrectly needs its own CVE. While the stack guard page and the fixes[2] for CVE-2010-3858 certainly improved things, argv expansion can still be tricked into OOM-killing the entire system. Solutions were discussed on the original thread, but were not finished. Recently a set of patches[3] has been re-proposed to fix this issue. Regardless, it should probably get its own CVE assigned. Thanks, -Kees [1] https://lkml.org/lkml/2010/8/27/429 [2] http://git.kernel.org/linus/1b528181b2ffa14721fb28ad1bd539fe1732c583 [3] https://lkml.org/lkml/2011/2/25/227 -- Kees Cook Ubuntu Security Team
Current thread:
- CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Nelson Elhage (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Eugene Teo (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)
- Re: CVE request: kernel: OOM-killer via argv expansion Kees Cook (Feb 28)