Another kernel NULL pointer vulnerability

Posted Aug 14, 2009 18:00 UTC (Fri) by spender (subscriber, #23067)
In reply to: Another kernel NULL pointer vulnerability by MarkWilliamson
Parent article: Another kernel NULL pointer vulnerability

Yeah, they used a bunch of weasel words like "dumb idea"/"stupid behavior" etc. instead of calling it what it was: a vulnerability. I hear finally they are going to call it as such and issue a CVE (and then hopefully actually resolve the problem, which is currently unfixed). And it only took them an entire month, having my CVE request ignored, releasing two exploits, one of which works against all Red Hat/Fedora/RHEL versions since 2001, having them lie about putting in their own CVE request (they asked me to cancel my CVE request so they could put their own in) to have it pushed aside as an "errata" and then ultimately left unfixed.

-Brad



Another kernel NULL pointer vulnerability

Posted Aug 15, 2009 11:39 UTC (Sat) by trasz (guest, #45786)

In this case, it's more a design mistake in LSM - allowing a policy to _lower_ the security, i.e. to permit something that would be otherwise denied - than a specific vulnerability. The vulnerability is just an effect of this problem.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds