List:       oss-security
Subject:    Re: [oss-security] CVE requests 6x kernel vulns still pending
From:       Eugene Teo <eugene () redhat ! com>
Date:       2010-03-24 1:40:58
Message-ID: 4BA96DAA.3070307 () redhat ! com

>> 3) kernel: NFS DoS related to "automount" symlinks
>
> What exactly is the DoS that happens here?

NULL pointer dereference.

>> 5) kernel: NFS: Fix an Oops when truncating a file
>
> I assume that nfs_wait_on_request() can be influenced by a non-root user
> to generate the interrupt that triggers the Oops?

If the non-root user kills the task while truncating the file, this 
could lead to the existence of unmapped pages that still have an 
attached nfs_page structure in page->private. nfs_wb_page_cancel() waits 
for I/O to complete, and when it completes, it will find itself with an 
unmapped page and oops.

> All of these will be filled in sometime Wednesday.
>
> - Steve

Thanks!

Eugene
-- 
Eugene Teo / Red Hat Security Response Team