SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Linux)  >   Linux Kernel Vendors:   kernel.org
Linux Kernel VHOST_SET_LOG_FD File Descriptor Leak Lets Local Users Consume Excessive Memory Resources
SecurityTracker Alert ID:  1033666
SecurityTracker URL:  http://securitytracker.com/id/1033666
CVE Reference:   CVE-2015-6252   (Links to External Site)
Date:  Sep 28 2015
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in the Linux kernel. A local user can consume excessive memory on the target system.

A local privileged user with access to the /dev/vhost-net files can issue specially crafted VHOST_SET_LOG_FD ioctl commands to cause the kernel to fail to release a file descriptor and consume excessive memory resources on the target system.

Marc-Andre Lureau reported this vulnerability.

Impact:   A local user can consume excessive memory resources on the target system.
Solution:   The vendor has issued a source code fix, available at:

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5

Vendor URL:  www.kernel.org/ (Links to External Site)
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 29 2015 (Ubuntu Issues Fix) Linux Kernel VHOST_SET_LOG_FD File Descriptor Leak Lets Local Users Consume Excessive Memory Resources
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS.
Sep 30 2015 (Ubuntu Issues Fix) Linux Kernel VHOST_SET_LOG_FD File Descriptor Leak Lets Local Users Consume Excessive Memory Resources
Ubuntu has issued a fix for Ubuntu Linux 15.04.
Oct 2 2015 (Ubuntu Issues Fix) Linux Kernel VHOST_SET_LOG_FD File Descriptor Leak Lets Local Users Consume Excessive Memory Resources
Ubuntu has issued a fix for Ubuntu Linux 12.04 LTS.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC