Date: Sun, 13 Nov 2011 08:54:15 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: nfs4_getfacl decoding kernel oops

On 11/11/2011 09:36 PM, Kurt Seifried wrote:
> On 11/11/2011 09:48 AM, Petr Matousek wrote:
>> "nfs4_getfacl decoding causes a kernel Oops when a server returns more
>> than 2 GETATTR bitmap words in response to the FATTR4_ACL attribute
>> request.
>>
>> While the NFS client only asks for one attribute (FATTR4_ACL) in the
>> first bitmap word, the NFSv4 protocol allows for the server to return
>> unbounded bitmaps (more than two)."
>>
>> Upstream commit:
>> e5012d1f3861d18c7f3814e757c1c3ab3741dbcd - incomplete, handles only the
>> case when 2 words are expected and 3 are returned
>>
>> Proposed complete upstream patch:
>> http://www.spinics.net/lists/linux-nfs/msg25288.html
>>
>> Reference:
>> https://bugzilla.redhat.com/show_bug.cgi?id=747106
>>
>> Credit: Andy Adamson
>>
>> Thanks,
> Please use CVE-2011-4131 for this issue
>

With apologies, I replied to the same message twice, the correct CVE
assignment should be:

CVE-2011-4131 kernel: nfs4_getfacl decoding kernel oops (correct for
this email)

The second one, CVE-2011-4132 is for kernel: jbd/jbd2: invalid value of
first log block leads to oops

which is in a second email.

-- 

-Kurt Seifried / Red Hat Security Response Team
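
Added example, not part of the original message and not the kernel's code or the upstream patch: a userspace sketch of decoding an XDR bitmap4 (a 32-bit word count followed by that many 32-bit words) so that a reply carrying more bitmap words than the client expects is consumed safely. The names xdr_buf, xdr_get_u32, decode_bitmap, decode_reply and CLIENT_BITMAP_WORDS are hypothetical, and the reply bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLIENT_BITMAP_WORDS 2      /* words this client interprets (assumption) */
#define FATTR4_ACL_BIT (1u << 12)  /* FATTR4_ACL is attribute 12: word 0, bit 12 */

struct xdr_buf { const uint8_t *p, *end; };

/* Read one big-endian 32-bit XDR word, refusing to run past the buffer. */
static int xdr_get_u32(struct xdr_buf *x, uint32_t *out) {
    if ((size_t)(x->end - x->p) < 4)
        return -1;
    *out = ((uint32_t)x->p[0] << 24) | ((uint32_t)x->p[1] << 16) |
           ((uint32_t)x->p[2] << 8) | (uint32_t)x->p[3];
    x->p += 4;
    return 0;
}

/* Keep the words we understand; consume and ignore extra ones so the
 * fields after the bitmap stay aligned. Returns the word count or -1. */
static int decode_bitmap(struct xdr_buf *x, uint32_t *bitmap) {
    uint32_t count, word, i;
    memset(bitmap, 0, CLIENT_BITMAP_WORDS * sizeof(*bitmap));
    if (xdr_get_u32(x, &count) < 0 || count > (size_t)(x->end - x->p) / 4)
        return -1;                 /* count claims more words than were sent */
    for (i = 0; i < count; i++) {
        if (xdr_get_u32(x, &word) < 0)
            return -1;
        if (i < CLIENT_BITMAP_WORDS)
            bitmap[i] = word;
    }
    return (int)count;
}

/* Returns the attribute length that follows the bitmap, or -1 if malformed. */
long long decode_reply(const uint8_t *buf, size_t len) {
    struct xdr_buf x = { buf, buf + len };
    uint32_t bitmap[CLIENT_BITMAP_WORDS], attrlen;
    if (decode_bitmap(&x, bitmap) < 0 || !(bitmap[0] & FATTR4_ACL_BIT))
        return -1;
    return xdr_get_u32(&x, &attrlen) < 0 ? -1 : (long long)attrlen;
}

/* Constructed reply: 3 bitmap words (one more than expected), then attrlen 16. */
const uint8_t sample_reply[] = { 0,0,0,3, 0,0,0x10,0, 0,0,0,0, 0,0,0,0, 0,0,0,16 };

int main(void) {
    printf("attrlen after bitmap: %lld\n", decode_reply(sample_reply, sizeof sample_reply));
}
```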