Bug 1867450 (CVE-2015-7312) - CVE-2015-7312 kernel: multiple race conditions in aufs
Summary: CVE-2015-7312 kernel: multiple race conditions in aufs
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-7312
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1867451
Blocks: 1867452
TreeView+ depends on / blocked
 
Reported: 2020-08-10 03:38 UTC by Dhananjay Arunesh
Modified: 2020-08-25 12:42 UTC (History)
47 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-21 21:15:15 UTC


Attachments (Terms of Use)

Description Dhananjay Arunesh 2020-08-10 03:38:46 UTC
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.

References:
https://www.openwall.com/lists/oss-security/2015/09/22/10
https://sourceforge.net/p/aufs/mailman/message/34449209/

Comment 1 Dhananjay Arunesh 2020-08-10 03:41:24 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1867451]

Comment 2 Justin M. Forbes 2020-08-10 18:20:25 UTC
This was fixed upstream in 2012 and has not been an issue in any currently supported Fedora release.

Comment 3 Product Security DevOps Team 2020-08-21 21:15:15 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2015-7312


Note You need to log in before you can comment on or make changes to this bug.