oss-sec mailing list archives
Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed
From: Mathias Krause <minipli () googlemail com>
Date: Wed, 18 Nov 2015 10:14:52 +0100
On 18 November 2015 at 08:57, Wade Mealing <wmealing () redhat com> wrote:
> [...]
> Original discussion:
> - https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8

Just for reference... There was an independent discovery earlier this year, tracked in [1]. Even earlier discoveries ([2,3]) missed the connection to AF_UNIX. [1] eventually led to the incomplete patch [4] and, after multiple non-public ineffective attempts on fixing the issue, to the netdev posting [5]. That's where Jason and Rainer started to post patches fixing the issue. However, none of the patches has been applied yet.

Thanks,
Mathias

[1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4150
[2] https://lkml.org/lkml/2014/5/15/532
[3] https://lkml.org/lkml/2013/10/14/424
[4] http://www.spinics.net/lists/netdev/msg318826.html
[5] https://lkml.org/lkml/2015/9/13/195