oss-sec mailing list archives
Re: CVE Request: remote triggerable use-after-free in rpcbind
From: Marcus Meissner <meissner () suse de>
Date: Thu, 17 Sep 2015 20:54:20 +0200
On Thu, Sep 17, 2015 at 02:51:26PM -0400, Steve Dickson wrote:
On 09/17/2015 12:20 PM, cve-assign () mitre org wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256http://www.spinics.net/lists/linux-nfs/msg53045.html https://bugzilla.suse.com/show_bug.cgi?id=946204frees the netbuf caller_addr and caller_addr.buf. However, it does not clear xp_rtaddr, so xp_rtaddr.buf now refers to memory region A, which is free. ... It will reuse the buffer inside xp_rtaddrUse CVE-2015-7236.Will there be a bz opened up?
Where should I open it? kernel.org? Ciao, Marcus
Current thread:
- CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Marcus Meissner (Sep 17)
- Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Kurt Seifried (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind Steve Dickson (Sep 17)
- Re: CVE Request: remote triggerable use-after-free in rpcbind cve-assign (Sep 17)
- Re: Re: CVE Request: remote triggerable use-after-free in rpcbind Olaf Kirch (Sep 18)