oss-sec mailing list archives

Re: CVE request: kernel: tty: release_one_tty() forgets to put pids

From: Eugene Teo <eugene () redhat com>
Date: Thu, 15 Apr 2010 08:44:53 +0800

On 04/15/2010 08:37 AM, Eugene Teo wrote:

On 04/15/2010 08:23 AM, Michael Gilbert wrote:

On Wed, 14 Apr 2010 11:20:00 +0800 Eugene Teo wrote:

2) tty: release_one_tty() forgets to put pids
https://bugzilla.redhat.com/show_bug.cgi?id=582076
http://git.kernel.org/linus/6da8d866d0d39e9509ff826660f6a86a6757c966
Not sure this issue can be triggered by a non-privileged user.


this one should get a CVE id i think. looking at only two data points
(2.6.26 and 2.6.32), i've found the vulnerable code present in both.
if i'm not mistaken, redhat has had supported releases in that range.


Was discussing this with another colleague, that it seems possible to
trigger this issue with a non-privileged user. And yes, I agree that
this should have a CVE name assigned. Thanks.

pgrp member in struct tty_struct was converted to struct pid in commitab521dc0, so kernels of version v2.6.26-rc1 and above are affected by this.


Eugene

Current thread:

Couple of kernel issues Eugene Teo (Apr 13)
- Re: Couple of kernel issues Michael Gilbert (Apr 14)
  - CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 14)
    - Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 14)
    - Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Josh Bressers (Apr 15)
    - Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Eren Türkay (Apr 26)
    - Re: CVE request: kernel: tty: release_one_tty() forgets to put pids Eugene Teo (Apr 27)