oss-sec mailing list archives
Re: Status of two Linux kernel issues w/o CVE assignments
From: Michael Gilbert <michael.s.gilbert () gmail com>
Date: Fri, 23 Dec 2011 16:10:38 -0500
On Fri, Dec 23, 2011 at 3:52 PM, Kurt Seifried wrote:
On 12/22/2011 09:44 AM, Moritz Muehlenhoff wrote:Hi, there were a two Linux-related CVE requests/discussions, which didn't end up in an assignment: 1: rose: Add length checks to CALL_REQUEST parsing e0bccd315db0c2f919e7fcf9cb60db21d9986f52 in mainline It was decided that this should be split, but without a final resulting CVE assignment: http://www.openwall.com/lists/oss-security/2011/04/12/1Can anyone shed more light on this for me? (links to fixes/etc.?).
As stated in Moritz's original message, the linux kernel git commit id is e0bccd315. Here is a link directly to a message with the patch: http://marc.info/?l=linux-netdev&m=130063972406389&w=2
2: /proc/$PID/{sched,schedstat} information leak Vasiliy Kulikov of OpenWall posted a demo exploit. http://openwall.com/lists/oss-security/2011/11/05/3 AFAICS no CVE ID was assigned to this?I believe we are not assigning CVE's for these types of proc related issues, some discussion was had:
Infoleaks certainly do get an id as they are considered an exposure (i.e. they make an exploiters job easier); as in Common Vulnerabilities and Exposures (CVE): http://cve.mitre.org Best wishes, Mike
Current thread:
- Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)