oss-sec mailing list archives
Re: Status of two Linux kernel issues w/o CVE assignments
From: Solar Designer <solar () openwall com>
Date: Sat, 24 Dec 2011 01:12:18 +0400
On Fri, Dec 23, 2011 at 01:52:24PM -0700, Kurt Seifried wrote:
On 12/22/2011 09:44 AM, Moritz Muehlenhoff wrote:2: /proc/$PID/{sched,schedstat} information leak Vasiliy Kulikov of OpenWall posted a demo exploit. http://openwall.com/lists/oss-security/2011/11/05/3 AFAICS no CVE ID was assigned to this?I believe we are not assigning CVE's for these types of proc related issues, some discussion was had: https://lkml.org/lkml/2011/2/7/368
For "these types" (what types?) of proc related issues, or for all infoleak issues related to procfs? To me, a timing attack based on data in a world-readable proc file is totally different from a data leak via fd preserved across SUID exec. Thus, a CVE (non-)assignment decision for one of these should have nothing to do with CVE (non-)assignment for the other. Alexander
Current thread:
- Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)