oss-sec mailing list archives

Re: CVE request: Linux kernel: tty: kobject reference leakage in tty_open


From: Greg KH <greg () kroah com>
Date: Fri, 13 Mar 2015 20:46:39 +0100

On Fri, Mar 13, 2015 at 11:30:23PM +0530, P J P wrote:
> Hello,
>
> Linux kernel built with the virtual console support (CONFIG_VT) is vulnerable
> to a NULL pointer dereference issue. It could occur while accessing pseudo
> terminal device (/dev/pts/*) files.
>
> An unprivileged user could use this flaw to crash the system kernel resulting
> in DoS.
>
> Upstream fix:
> -------------
>    -> https://git.kernel.org/linus/c290f8358acaeffd8e0c551ddcc24d1206143376

Digging up patches from 2011?  Why?  It should have long-ago been
backported to all relevant kernel releases from any company that has a
kernel that is still supported today that is older than the 3.2 release
and newer than 2.6.28.

And if you are a company that is ignoring stable kernel patches for
their old kernel releases, well, that's just not very wise :)

What does asking for a CVE for such an old issue help with?

thanks,

greg k-h

