oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE Request -- Linux kernel: vhost-net: use-after-free in vhost_net_flush

From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 15 Jul 2013 21:53:56 +0200
vhost_net_ubuf_put_and_wait has a confusing name: it will actually also
free it's argument. vhost_net_flush tries to use the argument after
passing it to vhost_net_ubuf_put_and_wait, this results in use after
free.

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd7633ecd553a5e304d349aa6f8eb8a0417098c5

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1280c27f8e29acf4af2da914e80ec27c3dbd5c01

Introduced in upstream version:
v3.8-rc1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=984722
https://bugzilla.redhat.com/show_bug.cgi?id=980643
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f19&id=da4ebd83da1869778909f394f6ebd50850ef5fec

-- 
Petr Matousek / Red Hat Security Response Team
Previous By Date Next
Previous By Thread Next

Current thread: