oss-sec mailing list archives
Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions
From: David Hildenbrand <david () redhat com>
Date: Mon, 8 Aug 2022 17:58:17 +0200
On 08.08.22 09:18, David Hildenbrand wrote:
> Hi, I found a security issue (CVE-2022-2590) in the Linux kernel similar to Dirty COW (CVE-2016-5195), however, restricted to shared memory (shmem / tmpfs). I notified distributions one week ago and the embargo ended today.

I forgot to add an important part: Nadav Amit raised [1] that the dirty bit is possibly problematic and essentially participated in the discovery of this security issue.

s/I found/Nadav and I found/

Credit where credit is due.

[1] https://lore.kernel.org/all/20220619233449.181323-4-namit () vmware com/

--
Thanks,

David / dhildenb