oss-sec mailing list archives
Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD
From: cve-assign () mitre org
Date: Tue, 18 Aug 2015 01:29:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A flaw was found in the way Linux kernel's vhost driver treated userspace provided log fd while processing VHOST_SET_LOG_FD ioctl command. A privileged local user with access to the /dev/vhost-net files. The provided descriptor would never be released and consume kernel memory. Usually this /dev/vhost-net file(s) have write access with root permissions but applications may access it with privileged access through libvirt or other virtualisation. A file descriptor may waste memory for each VHOST_SET_LOG_FD command issued, eventually wasting available system resources creating a denial of service. https://lkml.org/lkml/2015/8/10/375 https://bugzilla.redhat.com/show_bug.cgi?id=1251839
(not yet available at http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/vhost/vhost.c) Use CVE-2015-6252. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJV0sJcAAoJEKllVAevmvmsqscH/1AdQuzu0sM3q3ZxCHidm2cD tCvp8ap/fN58bu6h8N2XnG7b/cCNgtYZFVhouINLFMjinPaat8rEzX8jnKyvYg3Y XhhDyXw1c/Ly94Y1Ec3xx5gozlulkJzn/JoZIxenA+ENOh5NQnCL9CSPrmCrGcTO 0w/Tuywuj02jmz9mFiijuDsKFGybGFCQ5gE0tGA5CLyy+0YFHliXdvzBmaD5qBT8 QN4kzG356QYDMA3fPuEBarluYcSHfm4GCogsTa007TjvI+0FdnCRLcN2IKPXBjpY bo15L2zlMwSAbStNOcuyOdOCaIOE6hlFmt88TxcJ0sFyWjSHZiUcINXsCOyIcwk= =rAP9 -----END PGP SIGNATURE-----
Current thread:
- CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD Wade Mealing (Aug 17)
- Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD cve-assign (Aug 17)