oss-sec mailing list archives
CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes
From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 17 Feb 2014 09:58:58 +0100
A flaw was found in the way cifs handled iovecs with bogus pointers userland passed down via writev() during uncached writes. An unprivileged local user with access to cifs share could use this flaw to crash the system or leak kernel memory. Privilege escalation cannot be ruled out (since memory corruption is involved), but is unlikely. References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0069 Upstream patch: Patches have been reported to the linux-cifs mailing list: http://article.gmane.org/gmane.linux.kernel.cifs/9401 http://article.gmane.org/gmane.linux.kernel.cifs/9402 Only the first patch is required to fix the flaw. The second patch is to ensure that this does not get hit again in the future by adding extra protection. Thanks, -- Petr Matousek / Red Hat Security Response Team PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3 D874 3E78 6F42 C449 77CA
Current thread:
- CVE-2014-0069 -- kernel: cifs: incorrect handling of bogus user pointers during uncached writes Petr Matousek (Feb 17)