Re: Status of two Linux kernel issues w/o CVE assignments

[Kurt Seifried <kseifried () redhat com>]

On 12/24/2011 02:53 PM, Eugene Teo wrote:
> > > 2: /proc/$PID/{sched,schedstat} information leak
> > > Vasiliy Kulikov of OpenWall posted a demo exploit.
> > > http://openwall.com/lists/oss-security/2011/11/05/3
> > >
> > > AFAICS no CVE ID was assigned to this?
> > I believe we are not assigning CVE's for these types of proc related
> > issues, some discussion was had:
> >
> > https://lkml.org/lkml/2011/2/7/368
> >
> > http://www.google.com/custom?domains=lkml.org&q=%2Fproc%2F+leaks
> >
> > but I'm not sure what the outcome is. CC'ing Eugene Teo.
===========
> IIRC, it's an issue but there's no resolution as existing code may break.
>
> There are also,
> /proc/{interrupts, stat}
> https://lkml.org/lkml/2011/11/7/340
Please use CVE-2011-4915 for this issue.
> /dev/pts/, /dev/tty*
> https://lkml.org/lkml/2011/11/7/355
Please use CVE-2011-4916 for this issue.


> I have not checked the status of these issues. Vasiliy, kindly shed some
> light.
>
> Happy holidays.
>
> Eugene


--

-Kurt Seifried / Red Hat Security Response Team