oss-sec mailing list archives
Re: CVE requests 6x kernel vulns still pending
From: Eugene Teo <eugene () redhat com>
Date: Wed, 24 Mar 2010 09:40:58 +0800
3) kernel: NFS DoS related to "automount" symlinksWhat exactly is the DoS that happens here?
NULL pointer dereference.
5) kernel: NFS: Fix an Oops when truncating a fileI assume that nfs_wait_on_request() can be influenced by a non-root user to generate the interrupt that triggers the Ooops?
If the non-root user kills the task while truncating the file, this could lead to the existence of unmapped pages that still have an attached nfs_page structure in page->private. nfs_wb_page_cancel() waits for I/O to complete, and when it completes, it will find itself with an unmapped page and oops.
All of these will be filled in sometime Wednesday. - Steve
Thanks! Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE requests 6x kernel vulns still pending Eugene Teo (Mar 22)
- Re: CVE requests 6x kernel vulns still pending Steven M. Christey (Mar 23)
- Re: CVE requests 6x kernel vulns still pending Eugene Teo (Mar 23)
- Re: CVE requests 6x kernel vulns still pending Steven M. Christey (Mar 23)