search

linux-test-project / ltp

Linux Test Project (mailing list: https://lists.linux.it/listinfo/ltp)
https://linux-test-project.readthedocs.io/
GNU General Public License v2.0
2.33k stars 1.02k forks source link

CVE-2017-18344 timer_create syscall implementationdoesn't properly validate the sigevent->sigev_notifyfield, #374

Closed msmeissn closed 4 years ago

msmeissn commented 6 years ago

https://bugzilla.suse.com/show_bug.cgi?id=1102851

https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe

https://nvd.nist.gov/vuln/detail/CVE-2017-18344

could be testable

msmeissn commented 6 years ago

https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-18344/poc.c

posted by Andrey Konovalov andreyknvl@gmail.com to oss-security list

mdoucha commented 4 years ago

We already have a testcase in timer_create03, this issue can be closed.