oss-sec mailing list archives

Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed


From: Mathias Krause <minipli () googlemail com>
Date: Wed, 18 Nov 2015 10:14:52 +0100

On 18 November 2015 at 08:57, Wade Mealing <wmealing () redhat com> wrote:
[...]

Original discussion:
- https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8

Just for reference... There was an independent discovery earlier this
year, tracked in [1]. Even earlier discoveries ([2,3]) missed the
connection to AF_UNIX. [1] eventually led to the incomplete patch [4]
and, after multiple non-public ineffective attempts on fixing the
issue, to the netdev posting [5]. That's where Jason and Rainer
started to post patches fixing the issue. However, none of the patches
has been applied yet.


Thanks,
Mathias

[1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4150
[2] https://lkml.org/lkml/2014/5/15/532
[3] https://lkml.org/lkml/2013/10/14/424
[4] http://www.spinics.net/lists/netdev/msg318826.html
[5] https://lkml.org/lkml/2015/9/13/195

