List: oss-security
Subject: Re: [oss-security] Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in
From: Solar Designer <solar () openwall ! com>
Date: 2020-01-28 23:50:22
Message-ID: 20200128235022.GA30755 () openwall ! com
On Tue, Jan 28, 2020 at 10:48:10PM +0100, Solar Designer wrote:
> I intend to request a CVE ID and post it as a follow-up to this thread.

"Use CVE-2020-8428."

> Al Viro found and analyzed the security impact of and fixed a bug in
> Linux 4.19+ where open(2)'s eventual call to may_create_in_sticky() was
> "done when we already have dropped the reference to dir" and thus with
> dir (a "struct dentry" pointer) being potentially stale and potentially
> pointing to reused memory.
>
> The bug was introduced with commit 30aba6656f61 and first included in
> Linux 4.19. Al fixed it with commit d0cb50185ae9 two days ago, and the
> fix is already in Linux 5.5 and Greg KH is getting it into stable.

Alexander
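
Added example, not part of the original message and not kernel code: a userspace toy model of the ordering problem quoted above, where a sticky-directory check runs through a pointer after its reference was dropped, next to the general remedy of copying the needed fields while the reference is still held. All names (toy_dir, toy_get, toy_put, sticky_denies, open_stale, open_snapshot) and the simplified policy are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define TOY_ISVTX 01000u  /* sticky bit, same value as S_ISVTX on Linux */

/* Toy model (constructed): a one-slot pool stands in for the allocator, so
 * "stale pointer to reused memory" is shown without undefined behaviour. */
struct toy_dir { unsigned mode, uid; };
static struct toy_dir slot;

static struct toy_dir *toy_get(unsigned mode, unsigned uid) {
    slot = (struct toy_dir){ .mode = mode, .uid = uid };
    return &slot;
}
static void toy_put(struct toy_dir *d) { (void)d; /* slot is free for reuse */ }

/* Simplified sticky-directory rule, not the kernel's full logic: deny when
 * the directory is sticky and world-writable and the file belongs neither
 * to the directory owner nor to the caller. */
static bool sticky_denies(unsigned dmode, unsigned duid, unsigned fuid, unsigned caller) {
    if (!(dmode & TOY_ISVTX) || fuid == duid || fuid == caller)
        return false;
    return (dmode & 0002u) != 0;
}

/* Unsafe ordering: drop the reference, let the slot be reused, then check. */
static bool open_stale(unsigned fuid, unsigned caller) {
    struct toy_dir *dir = toy_get(TOY_ISVTX | 0777u, 0);  /* /tmp-like */
    toy_put(dir);
    toy_get(0755u, fuid);        /* unrelated object now occupies the slot */
    return sticky_denies(dir->mode, dir->uid, fuid, caller);
}

/* Safe ordering: copy the fields the check needs while the reference is held. */
static bool open_snapshot(unsigned fuid, unsigned caller) {
    struct toy_dir *dir = toy_get(TOY_ISVTX | 0777u, 0);
    unsigned dmode = dir->mode, duid = dir->uid;
    toy_put(dir);
    toy_get(0755u, fuid);
    return sticky_denies(dmode, duid, fuid, caller);
}

int main(void) {
    printf("stale=%d snapshot=%d\n", open_stale(1000, 2000), open_snapshot(1000, 2000));
    return 0;
}
```

In the stale ordering the verdict is decided by whatever object replaced the directory, which is why the outcome of the check can vary with unrelated memory contents.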