[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE requests 6x kernel vulns still pending
From: Eugene Teo <eugene () redhat ! com>
Date: 2010-03-24 1:40:58
Message-ID: 4BA96DAA.3070307 () redhat ! com
[Download RAW message or body]
>> 3) kernel: NFS DoS related to "automount" symlinks
>
> What exactly is the DoS that happens here?
NULL pointer dereference.
>> 5) kernel: NFS: Fix an Oops when truncating a file
>
> I assume that nfs_wait_on_request() can be influenced by a non-root user
> to generate the interrupt that triggers the Ooops?
If the non-root user kills the task while truncating the file, this
could lead to the existence of unmapped pages that still have an
attached nfs_page structure in page->private. nfs_wb_page_cancel() waits
for I/O to complete, and when it completes, it will find itself with an
unmapped page and oops.
> All of these will be filled in sometime Wednesday.
>
> - Steve
Thanks!
Eugene
--
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic