[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] additional memory leak in USB userspace handling
From: Eugene Teo <eugene () redhat ! com>
Date: 2010-02-18 16:11:13
Message-ID: 4B7D66A1.7040809 () redhat ! com
[Download RAW message or body]
On 02/17/2010 06:46 PM, Marcus Meissner wrote:
> Hi,
>
> a memory allocation leak (not information, just unfreed memory)
> was spotted and fixed by Linus during debugging of previous problem.
>
> On put_user() errors it would leak one "struct async" per REAPURB call.
>
> Fix is in commit ddeee0b2eec2a51b0712b04de4b39e7bec892a53, also
> attached.
>
> Affected code is also going back throughout 2.6 history.
>
> The issue is of less importance than the information leak fix, I am not
> sure if it deserves a CVE or not.
I was talking to Marcus about this. The attacker needs access to a USB
device like the previous bug in order to exploit this.
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic