oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux 3.4+: arbitrary write with CONFIG_X86_X32 (CVE-2014-0038)

From: Solar Designer <solar () openwall com>
Date: Fri, 31 Jan 2014 21:20:39 +0400
On Fri, Jan 31, 2014 at 05:34:05PM +0100, rf () q-leap de wrote:

"SD" == Solar Designer <solar () openwall com> writes:

    SD> This is CVE-2014-0038 (assigned shortly after Kees sent the
    SD> message below).



Are you sure this is the correct CVE?


Pretty sure, yes.  I am not aware of a reason to think otherwise.

It was kindly assigned by Petr Matousek (of Red Hat, even though their
products are not affected) on Wed, 29 Jan 2014 10:01:59 +0100.


It was assigned already beginning of Dec. last year.


The "assigned" date seen on CVE IDs often indicates when a pool of CVE
IDs was created and then assigned to a CNA (Red Hat in this case), not
when individual CVE IDs are assigned to actual issues.  It is perfectly
normal (albeit confusing) for the "assigned" date to be earlier than the
vulnerability discovery date.  This was discussed in here before:

http://www.openwall.com/lists/oss-security/2012/01/23/4

CNAs:

http://cve.mitre.org/cve/cna.html

Alexander
Previous By Date Next
Previous By Thread Next

Current thread: