oss-sec mailing list archives

Re: CVE request Linux kernel: ns: user namespaces panic

From: cve-assign () mitre org
Date: Wed, 3 Jun 2015 13:58:34 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Linux kernel built with the user namespaces support(CONFIG_USER_NS) is
vulnerable to a NULL pointer dereference flaw. It could occur when users in
user namespaces do unmount mounts.

An unprivileged user could use this flaw to crash the system resulting in DoS.

Upstream fixes:
---------------
   -> https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
   -> https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae


We feel that this is best covered by two CVE IDs. The
cd4a40174b71acd021877341684d8bb1dc8ea4ae issue seems to be about lack of
state identification (i.e., the state is whether the path is
mounted or unmounted), whereas the 820f9f147dcce2602eefd9b575bbbd9ea14f0953
issue seems to be about lack of internal consistency of a data structure.

We will send the two CVE IDs soon.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVbz/9AAoJEKllVAevmvmsPxQIAJBdaqPsp21s2Z3yzWem8/Jn
s8wC/BTA2XuVshILGaTSdxy97M73r+KEMO7KdVL/V8hrtz6h9F2WJobZOyWEI/UM
pDqzCVspGjeeP0V//otnFfO4nry7Hwz+ZyMz7GLw9xPv0oMuV/We5aSrWzeC1aoc
UKMP8lO3Rua4KvhJKPEzOwyBiQELe7oPUc2VoIcHtec0EPftGvldZXe62yrNXliC
8CYEdCqNF9Q1kHI8fbCknRZupwmOrWtKbYVowoPBOpReObdoEvCWTSGr4xHp+/kY
CBOTi/Pfw5RhyzY9d8pMIKcrRKc+bhgRh6b3bWdVzFHrKB8H80KaLN851LyYsOU=
=xXo+
-----END PGP SIGNATURE-----

Current thread:

CVE request Linux kernel: ns: user namespaces panic P J P (May 29)
- Re: CVE request Linux kernel: ns: user namespaces panic Andy Lutomirski (May 29)
- Re: CVE request Linux kernel: ns: user namespaces panic cve-assign (Jun 03)
  - Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 03)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman (Jun 04)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 04)
    - Re: CVE request Linux kernel: ns: user namespaces panic cve-assign (Jun 04)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 05)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman (Jun 05)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 07)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic Eric W. Biederman (Jun 07)
    - Re: Re: CVE request Linux kernel: ns: user namespaces panic P J P (Jun 07)