oss-sec mailing list archives
Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
From: Petr Matousek <pmatouse () redhat com>
Date: Tue, 13 Nov 2012 16:36:23 +0100
On Tue, Nov 13, 2012 at 04:21:19PM +0100, Marcus Meissner wrote:
On Sun, Nov 11, 2012 at 12:19:13AM -0700, Kurt Seifried wrote:On 11/10/2012 02:36 PM, Petr Matousek wrote:A NULL pointer dereference flaw has been found in the way a new node's hot-added memory is propagated to other nodes zonelists. An unprivileged local user can use this flaw to crash the system. Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1 References: https://bugzilla.redhat.com/show_bug.cgi?id=875374 Thanks,Please use CVE-2012-5517 for this issue.Our Mel Gorman wonders how this is a security issue. A local attacker would need to wait for the administrator to hot-add memory, which seems unlikely on first thought?
Yes, it is unlikely, but not impossible. This unlikely condition is reflected in the CVSSv2 [1] score -- AC:H -- which Red Hat uses to rate the severity of the security issues and also reflected in the impact rating [2]. [1] http://www.first.org/cvss/cvss-guide.html [2] https://access.redhat.com/security/updates/classification/ -- Petr Matousek / Red Hat Security Response Team
Current thread:
- CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 10)
- Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Kurt Seifried (Nov 10)
- Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Marcus Meissner (Nov 13)
- Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Petr Matousek (Nov 13)
- Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Marcus Meissner (Nov 13)
- Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes Kurt Seifried (Nov 10)