Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A flaw was found in the way Linux kernel's vhost driver treated userspace
> provided log fd while processing VHOST_SET_LOG_FD ioctl command. A
> privileged local user with access to the /dev/vhost-net files.  The
> provided descriptor would never be released and consume kernel memory.
>
> Usually this /dev/vhost-net file(s) have write access with
> root permissions but applications may access it with privileged 
> access through libvirt or other virtualisation.
>
> A file descriptor may waste memory for each VHOST_SET_LOG_FD command issued, eventually
> wasting available system resources creating a denial of service.
>
> https://lkml.org/lkml/2015/8/10/375
> https://bugzilla.redhat.com/show_bug.cgi?id=1251839

(not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/vhost/vhost.c)

Use CVE-2015-6252.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJV0sJcAAoJEKllVAevmvmsqscH/1AdQuzu0sM3q3ZxCHidm2cD
tCvp8ap/fN58bu6h8N2XnG7b/cCNgtYZFVhouINLFMjinPaat8rEzX8jnKyvYg3Y
XhhDyXw1c/Ly94Y1Ec3xx5gozlulkJzn/JoZIxenA+ENOh5NQnCL9CSPrmCrGcTO
0w/Tuywuj02jmz9mFiijuDsKFGybGFCQ5gE0tGA5CLyy+0YFHliXdvzBmaD5qBT8
QN4kzG356QYDMA3fPuEBarluYcSHfm4GCogsTa007TjvI+0FdnCRLcN2IKPXBjpY
bo15L2zlMwSAbStNOcuyOdOCaIOE6hlFmt88TxcJ0sFyWjSHZiUcINXsCOyIcwk=
=rAP9
-----END PGP SIGNATURE-----