oss-sec mailing list archives
Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk()
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 20 Aug 2012 12:27:21 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/20/2012 11:25 AM, Petr Matousek wrote:
An use-after-free flaw has been found in the way taskstat's TASKSTATS_CMD_ATTR_PID command and exiting tasks with already freed mm interacted. An unprivileged local user could use this flaw to crash the system or leak kernel memory. Please note that the fix below is from year 2006. Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9 References: http://bugzilla.openvz.org/show_bug.cgi?id=2294 https://bugzilla.redhat.com/show_bug.cgi?id=849722 Thanks,
Please use CVE-2012-3510 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQMoGJAAoJEBYNRVNeJnmTKDMP/0NF2Vka50AbpYA8dd9YD/Cm 7dBbM0inaXPRclycbqGR8jhARF9JYq6AQd84nCeazJZJ8QA2rG+miUm3bePiYEPk dBpZugs2GW1Q1UjVHKvQoJ8NQh4vh+z9Xqf/8Rzuoo87O2YFcz3MD81WL3JEq29a nvYW1C0sgPpxXy9GQlw0HiY4D9KVgflHx62bjCfrNr0c+5tgmZe3M0CtorvmCzQW WiU3OTW39BHmUKyHcaDqcDcjiRVP5Y3zPmBq/72PfluccHoTeKYfKjDjwEjjvVyf yeYzr2ayPDyY4orW9ACTv4AXPPeuHDw0cFYUmAurzycmSGufnXgmg8OZf4hOk4oH StNYNeeM7WjaoxXsY7+nUEVFgN7BchCmLQE7TMVD6IHCpu3mG+MdKmLymP/yL2xL ne20qB8C956vPrLTy2M7Z15YWivwazPmnXEpR/5KIRxxt3KWZJMh9fyWrKu+pg3i GNsOei9gABH1O7DZ6TBmOo0zOq1EJGQMHQjVhTIfs2462Yykz8QLMzEcXV7tzMsP dSnUT+C8QtwBrfD/3gbVhvdmXku8oY4lUo6ZTjSAAg4tRu4Au8iCxBuhHTttenuH qstTVfIB9tgnQExDdzIIe/Np8THIJPXJkXHBLPJf4uT9dEdfIcPRmDnp9wIZiI1V zCzKDuMvydpTpa1CW8DK =tI6r -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Petr Matousek (Aug 20)
- Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Kurt Seifried (Aug 20)
- Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() akuster (Aug 21)
- Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk() Petr Matousek (Aug 21)