oss-sec mailing list archives

CVE request - Linux kernel: tracing NULL pointer dereference

From: P J P <ppandit () redhat com>
Date: Mon, 15 Apr 2013 17:00:52 +0530 (IST)

Hi,

Linux kernels built with Function Tracers and Stack Trackers are vulnerable toa NULL pointer dereference flaw. It occurs while writing to `set_ftrace_pid'and `set_graph_function' files used by the kernel tracers.

A privileged user/program could use this flaw to crash the kernel, resultingin DoS.


Upstream fix:
-------------
 -> https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d

Reference:
----------
 -> https://bugzilla.redhat.com/show_bug.cgi?id=952197

Thank you.
--
Prasad J Pandit / Red Hat Security Response Team
DB7A 84C5 D3F9 7CD1 B5EB  C939 D048 7860 3655 602B

Current thread:

CVE request - Linux kernel: tracing NULL pointer dereference P J P (Apr 15)
- Re: CVE request - Linux kernel: tracing NULL pointer dereference cve-assign (Apr 28)