oss-sec mailing list archives
CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)
From: Salvatore Bonaccorso <carnil () debian org>
Date: Fri, 6 May 2016 15:14:55 +0200
A use-after-free flaw via double-fdput in bpf was recently fixed in Linux.

Details:
https://bugs.chromium.org/p/project-zero/issues/detail?id=808

Fixed via:
https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7

And as well reported/forwarded in Debian:
https://bugs.debian.org/823603

Could you please assign a CVE for this issue?

The following two might as well warrant a CVE (Ben Hutchings CC'ed has already applied those to the packaging repository in Debian):

bpf: fix refcnt overflow:
https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e

bpf: fix check_map_func_compatibility logic
https://git.kernel.org/linus/6aff67c85c9e5a4bc99e5211c1bac547936626ca

Not sure though if the latter one has a security impact. The bug allowed generic map functions to be applied to special map types (program, perf events) that did not support them properly.

Regards,
Salvatore