Re: CVE Request -- kernel: taskstats: use-after-free in xacct_add_tsk()

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/20/2012 11:25 AM, Petr Matousek wrote:
> An use-after-free flaw has been found in the way taskstat's
> TASKSTATS_CMD_ATTR_PID command and exiting tasks with already freed mm
> interacted. An unprivileged local user could use this flaw to crash the
> system or leak kernel memory.
>
> Please note that the fix below is from year 2006.
>
> Upstream fix:
> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f0ec1aaf54caddd21c259aea8b2ecfbde4ee4fb9
>
> References:
> http://bugzilla.openvz.org/show_bug.cgi?id=2294
> https://bugzilla.redhat.com/show_bug.cgi?id=849722
>
> Thanks,

Please use CVE-2012-3510 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQMoGJAAoJEBYNRVNeJnmTKDMP/0NF2Vka50AbpYA8dd9YD/Cm
7dBbM0inaXPRclycbqGR8jhARF9JYq6AQd84nCeazJZJ8QA2rG+miUm3bePiYEPk
dBpZugs2GW1Q1UjVHKvQoJ8NQh4vh+z9Xqf/8Rzuoo87O2YFcz3MD81WL3JEq29a
nvYW1C0sgPpxXy9GQlw0HiY4D9KVgflHx62bjCfrNr0c+5tgmZe3M0CtorvmCzQW
WiU3OTW39BHmUKyHcaDqcDcjiRVP5Y3zPmBq/72PfluccHoTeKYfKjDjwEjjvVyf
yeYzr2ayPDyY4orW9ACTv4AXPPeuHDw0cFYUmAurzycmSGufnXgmg8OZf4hOk4oH
StNYNeeM7WjaoxXsY7+nUEVFgN7BchCmLQE7TMVD6IHCpu3mG+MdKmLymP/yL2xL
ne20qB8C956vPrLTy2M7Z15YWivwazPmnXEpR/5KIRxxt3KWZJMh9fyWrKu+pg3i
GNsOei9gABH1O7DZ6TBmOo0zOq1EJGQMHQjVhTIfs2462Yykz8QLMzEcXV7tzMsP
dSnUT+C8QtwBrfD/3gbVhvdmXku8oY4lUo6ZTjSAAg4tRu4Au8iCxBuhHTttenuH
qstTVfIB9tgnQExDdzIIe/Np8THIJPXJkXHBLPJf4uT9dEdfIcPRmDnp9wIZiI1V
zCzKDuMvydpTpa1CW8DK
=tI6r
-----END PGP SIGNATURE-----