oss-sec mailing list archives
CVE-2017-7487: Linux kernel: ipx: call ipxitf_put() in ioctl error path
From: Vladis Dronov <vdronov () redhat com>
Date: Fri, 12 May 2017 09:24:56 -0400 (EDT)
Hello,

A reference counter leak in the Linux kernel in the ipxitf_ioctl function was found, which results in a use-after-free vulnerability that's triggerable from unprivileged userspace when an IPX interface is configured.

cvss3=5.6/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H
cwe=CWE-416

References:
https://patchwork.ozlabs.org/patch/757549/
https://bugzilla.redhat.com/show_bug.cgi?id=1447734

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee0d8d8482345ff97a75a7d747efc309f13b0d80

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
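The bug class named in the advisory (a reference taken in an ioctl handler and not released on its error path) can be checked with a reference-balance test. The following is an added example, not part of the original post and not the kernel's code: a user-space model in which every name (`itf_find`, `itf_put`, `copy_out`, `get_addr_leaky`, `get_addr_fixed`, `refs_leaked`) is hypothetical and the sample address is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* User-space model; every name below is hypothetical, not kernel code. */
struct itf { int refcnt; unsigned char addr[6]; };
static struct itf the_itf = { 1, { 0x02, 0, 0, 0, 0, 0x01 } }; /* constructed */
/* The lookup hands back the interface with one extra reference held. */
static struct itf *itf_find(void) { the_itf.refcnt++; return &the_itf; }
static void itf_put(struct itf *i) { i->refcnt--; }
/* Stand-in for copy_to_user(): non-zero when the destination is bad. */
static int copy_out(void *dst, const void *src, size_t n)
{
    return dst ? (memcpy(dst, src, n), 0) : 1;
}

/* Leaky shape: the early exit on a failed copy skips the put. */
static int get_addr_leaky(void *dst)
{
    struct itf *i = itf_find();
    if (copy_out(dst, i->addr, sizeof i->addr))
        return -EFAULT;        /* reference from itf_find() is never dropped */
    itf_put(i);
    return 0;
}

/* Balanced shape: record the error, then put on every path. */
static int get_addr_fixed(void *dst)
{
    struct itf *i = itf_find();
    int rc = copy_out(dst, i->addr, sizeof i->addr) ? -EFAULT : 0;
    itf_put(i);
    return rc;
}

/* Balance check: references still held after one call to handler. */
static int refs_leaked(int (*handler)(void *), void *dst)
{
    int before = the_itf.refcnt;
    handler(dst);
    return the_itf.refcnt - before;
}

int main(void)
{
    printf("fail path: leaky=%d fixed=%d\n", refs_leaked(get_addr_leaky, NULL),
           refs_leaked(get_addr_fixed, NULL));
    return 0;
}
```

A handler is balanced only when `refs_leaked` returns 0 for both the success and the failure input; the leaky shape passes the first and fails the second.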