Bug 281299 (CVE-2009-2768) - Kernel: load_flat_shared_library() NULL ptr dereference (CVE-2009-2768)
Status: RESOLVED FIXED
Alias: CVE-2009-2768
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://git.kernel.org/?p=linux/kernel...
Whiteboard: [linux >=2.6.29 <2.6.31]
Reported: 2009-08-13 09:14 UTC by Alex Legler (RETIRED)
Modified: 2013-09-15 18:43 UTC

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-13 09:14:05 UTC
From Eugene Teo:

The new credentials code broke load_flat_shared_library() as it now uses
an uninitialised cred pointer, leading to a NULL pointer dereference.
This can be triggered by running a shared flat binary.

kernel/cred.c was introduced in v2.6.29-rc1 IIRC.

References:
http://lkml.org/lkml/2009/6/22/91
http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-14 22:19:35 UTC
CVE-2009-2768 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2768):
  The load_flat_shared_library function in fs/binfmt_flat.c in the flat
  subsystem in the Linux kernel before 2.6.31-rc6 allows local users to
  cause a denial of service (NULL pointer dereference and system crash)
  or possibly have unspecified other impact by executing a shared flat
  binary.