Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes
From: Marcus Meissner <meissner () suse de>
Date: Tue, 13 Nov 2012 16:21:19 +0100

On Sun, Nov 11, 2012 at 12:19:13AM -0700, Kurt Seifried wrote:
On 11/10/2012 02:36 PM, Petr Matousek wrote:
A NULL pointer dereference flaw has been found in the way a new
node's hot-added memory is propagated to other nodes zonelists. An
unprivileged local user can use this flaw to crash the system.

Upstream fix: 

 References: https://bugzilla.redhat.com/show_bug.cgi?id=875374


Please use CVE-2012-5517 for this issue.

Our Mel Gorman wonders how this is a security issue.

A local attacker would need to wait for the administrator to hot-add
memory, which seems unlikely on first thought?

Ciao, Marcus

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]