CVE-2015-1339: Linux Kernel: memory exhaustion via CUSE driver

[Tyler Hicks <tyhicks () canonical com>]

Colin Ian King discovered a kernel memory leak in the CUSE driver using
stress-ng. A local denial of service, via memory exhaustion, is possible
if the attacker has sufficient privileges to repeatedly open /dev/cuse
for reading.

In Ubuntu, /dev/cuse is only readable by root so this flaw was deemed to
have a very low impact. I'm unsure of the default permissions in other
distributions.

CVE-2015-1339 was assigned to the issue.

Introduced in 4.2: https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56
Fixed in 4.4: https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c

Tyler

Attachment: signature.asc
Description: