
oss-sec mailing list archives
Re: Status of two Linux kernel issues w/o CVE assignments
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 27 Dec 2011 22:36:41 -0700
On 12/24/2011 02:53 PM, Eugene Teo wrote:
2: /proc/$PID/{sched,schedstat} information leak Vasiliy Kulikov of OpenWall posted a demo exploit. http://openwall.com/lists/oss-security/2011/11/05/3 AFAICS no CVE ID was assigned to this?I believe we are not assigning CVE's for these types of proc related issues, some discussion was had: https://lkml.org/lkml/2011/2/7/368 http://www.google.com/custom?domains=lkml.org&q=%2Fproc%2F+leaks but I'm not sure what the outcome is. CC'ing Eugene Teo.
===========
IIRC, it's an issue but there's no resolution as existing code may break. There are also, /proc/{interrupts, stat} https://lkml.org/lkml/2011/11/7/340
Please use CVE-2011-4915 for this issue.
/dev/pts/, /dev/tty* https://lkml.org/lkml/2011/11/7/355
Please use CVE-2011-4916 for this issue.
I have not checked the status of these issues. Vasiliy, kindly shed some light. Happy holidays. Eugene
-- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- Status of two Linux kernel issues w/o CVE assignments Moritz Muehlenhoff (Dec 22)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Michael Gilbert (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Solar Designer (Dec 23)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Vasiliy Kulikov (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 27)
- Re: Status of two Linux kernel issues w/o CVE assignments Eugene Teo (Dec 24)
- Re: Status of two Linux kernel issues w/o CVE assignments Kurt Seifried (Dec 23)