Bug 281299 (CVE-2009-2768)

Summary: Kernel: load_flat_shared_library() NULL ptr dereference (CVE-2009-2768)
Product: Gentoo Security
Reporter: Alex Legler (RETIRED) <a3li>
Component: Kernel
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: hardened-kernel+disabled, kernel
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666
Whiteboard: [linux >=2.6.29 <2.6.31]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-13 09:14:05 UTC
From Eugene Teo:

The new credentials code broke load_flat_shared_library() as it now uses
an uninitialised cred pointer, leading to a NULL pointer dereference.
This can be triggered by running a shared flat binary.

kernel/cred.c was introduced in v2.6.29-rc1 IIRC.

References:
http://lkml.org/lkml/2009/6/22/91
http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
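The bug class behind this report is an uninitialised pointer member inside a stack-allocated context struct that is later dereferenced. The C program below is an added illustration written for this page; it is not the kernel's code, and `struct binprm`, `prepare_exec_creds()`, `loader_uid()` and the `load_shared_lib_*()` functions are hypothetical stand-ins for `linux_binprm`, the kernel's credential allocator and `load_flat_shared_library()`. It shows the defective pattern next to the defensive one: zero the struct, obtain credentials explicitly, and fail closed with an error code when that allocation does not succeed.

```c
/* Added example (not kernel code): model of an uninitialised cred pointer
 * in a per-exec context struct, with the buggy and the hardened pattern. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Hypothetical stand-in for the kernel's credential object. */
struct cred {
    unsigned int uid;
    unsigned int gid;
};

/* Hypothetical stand-in for linux_binprm: per-exec context carrying a
 * pointer to the credentials the loaded image will run with. */
struct binprm {
    const char *filename;
    struct cred *cred;   /* must be valid before any helper dereferences it */
};

/* Hypothetical stand-in for the credential allocator. Like any allocator it
 * may fail and return NULL; `fail` lets a caller simulate that path. */
static struct cred *prepare_exec_creds(int fail)
{
    if (fail)
        return NULL;
    struct cred *c = calloc(1, sizeof *c);
    if (c) {
        c->uid = 1000;   /* constructed sample values */
        c->gid = 1000;
    }
    return c;
}

/* A helper that, like the flat loader's callees, trusts bprm->cred. */
static unsigned int loader_uid(const struct binprm *bprm)
{
    return bprm->cred->uid;
}

/* Buggy pattern (compiled, never executed): the context lives on the stack
 * and bprm.cred is never set, so loader_uid() dereferences whatever the
 * stack slot held, typically NULL or garbage. This is undefined behaviour. */
static int load_shared_lib_buggy(const char *name)
{
    struct binprm bprm;
    bprm.filename = name;
    /* bprm.cred deliberately left uninitialised: this is the defect */
    return (int)loader_uid(&bprm);
}

/* Hardened pattern: zero the struct, obtain credentials, and refuse to
 * continue if none could be allocated.
 * Returns the uid the image would run with (>= 0) or a negative errno. */
static int load_shared_lib_fixed(const char *name, int simulate_alloc_failure)
{
    struct binprm bprm;
    memset(&bprm, 0, sizeof bprm);          /* no stale pointer members */
    bprm.filename = name;
    bprm.cred = prepare_exec_creds(simulate_alloc_failure);
    if (!bprm.cred)
        return -ENOMEM;                     /* fail closed, never deref NULL */
    int uid = (int)loader_uid(&bprm);
    free(bprm.cred);
    return uid;
}

int main(void)
{
    (void)load_shared_lib_buggy;            /* referenced only, never called */
    int rc = load_shared_lib_fixed("libexample.so", 0);
    printf("creds allocated:  rc=%d (uid)\n", rc);
    rc = load_shared_lib_fixed("libexample.so", 1);
    printf("allocation failed: rc=%d (%s)\n", rc, strerror(-rc));
    return 0;
}
```

The point of the hardened variant is that every path either leaves `bprm.cred` pointing at live credentials or returns before anything dereferences it; a reviewer checking a loader for this class of bug looks for exactly that invariant on each exit path.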
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-14 22:19:35 UTC
CVE-2009-2768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2768):
  The load_flat_shared_library function in fs/binfmt_flat.c in the flat
  subsystem in the Linux kernel before 2.6.31-rc6 allows local users to
  cause a denial of service (NULL pointer dereference and system crash)
  or possibly have unspecified other impact by executing a shared flat
  binary.