oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam

From: cve-assign () mitre org
Date: Sat, 2 May 2015 11:28:17 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326



... networking fixes ...
6) Unhash ping sockets properly.



a use-after-free bug which can lead to kernel arbitrary execution in
Linux kernel



to trigger the bug you need direct access to a ping socket



For linux PC, the normal user does not have the privilege to create a
icmp(ping) socket



we've successfully seen the potential that we can take advantage of
this bug to achieve privilege escalation (root) on android


Use CVE-2015-3636.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVROvqAAoJEKllVAevmvmsyW4H/A4+sd5as/co6gUwbk8Nk0K8
+zA0YuvAVzHWaCPgcZixhPUJRtxT//cUHQaMBVSHCXECR6cdlvCWiD8z1AzsI3wX
ECaMt7jJ1pdjXnuOfr8Fb4Qhu3JYfC4pVFspVOGb1Uk92XeICWBx7VdueRS1uisZ
rpfgtgrsXiB4k5gRhP5M6pDzQzE1jlq1nA6Bqdq794YbrKwiU/F48h8uapKktZV2
acw6dsEgnPd2fnQEWWQ2KkS535DbFwbql/E9Zbknk+h+L6RGTiD69Qw6HgosCb49
ltzaJMKdF+KBGCJW4NLQbEH7hwzIvV4SRsUoKHv7TQM81OutzrEOo1UOSvkR+Ok=
=FVXv
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: