oss-sec mailing list archives

Re: CVE request Linux kernel: ns: user namespaces panic


From: Andy Lutomirski <luto () kernel org>
Date: Fri, 29 May 2015 16:19:30 -0700

On 05/29/2015 09:35 AM, P J P wrote:
> Hello,
>
> Linux kernel built with the user namespaces support (CONFIG_USER_NS) is
> vulnerable to a NULL pointer dereference flaw. It could occur when users
> in user namespaces do unmount mounts.
>
> An unprivileged user could use this flaw to crash the system resulting
> in DoS.
>
> Upstream fixes:
> ---------------
>    -> https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
>    -> https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae
>
> It was introduced by:
> ---------------------
>    -> https://git.kernel.org/linus/ce07d891a0891d3c0d0c2d73d577490486b809e1
>
> Thank you Drew Fisher for reporting this issue to Fedora Security Team.

To clarify further: this is a regression in Linux 4.0.2 and will be fixed in Linux 4.0.5. It has been independently reported by at least Kenton Varda and Alexander Larsson. I think that Eric Biederman also reported it to linux-stable at some point.

--Andy

