[kernel-sec-discuss] r1562 - active

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Nov 3 17:06:51 UTC 2009


Author: gilbert-guest
Date: 2009-11-03 17:06:50 +0000 (Tue, 03 Nov 2009)
New Revision: 1562

Added:
   active/CVE-2009-3547
Log:
new issue

Added: active/CVE-2009-3547
===================================================================
--- active/CVE-2009-3547	                        (rev 0)
+++ active/CVE-2009-3547	2009-11-03 17:06:50 UTC (rev 1562)
@@ -0,0 +1,20 @@
+Candidate: CVE-2009-3547
+Description:
+ a NULL pointer dereference flaw was found in each of the following
+ functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
+ pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
+ be released by other processes before it is used to update the pipe's reader
+ and writer counters. This could lead to a local denial of service or 
+ privilege escalation.
+References:
+ http://www.openwall.com/lists/oss-security/2009/11/03/1
+Notes:
+ Brad Spengler *claims* to have already developed a working exploit.  Since
+ his previous work has been effective, it is probably true.  Hence, this 
+ should be treated with high urgency.
+Bugs:
+upstream: pending [ad3960243e55320d74195fb85c975e0a8cc4466c]
+linux-2.6: needed
+2.6.18-etch-security: needed
+2.6.24-etch-security: needed
+2.6.26-lenny-security: needed
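Review bot: The Notes field justifies "high urgency" with an unreferenced claim ("*claims* to have already developed a working exploit", "it is probably true"). Either add a pointer to where the claim was made, or state that the exploit is unconfirmed, so the urgency can be re-evaluated later. The Description labels the flaw a NULL pointer dereference, but the mechanism it describes is a race in which i_pipe is released while "the mutex lock is not held". Stating which mutex is meant would make the entry easier to check against the upstream commit listed as pending. Minor: the Description starts in lower case, the lines ending "denial of service or " and "Hence, this " have trailing whitespace, and "Bugs:" is left empty.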



