Date: Tue, 28 Feb 2012 09:09:26 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount On 02/28/2012 08:15 AM, Petr Matousek wrote: > The cifs code will attempt to open files on lookup under certain > circumstances. What happens though if we find that the file we opened > was actually a FIFO or other special file? Currently, the open > filehandle just ends up being leaked leading to a dentry refcount > mismatch and oops on umount. > > An unprivileged local user could use this flaw to crash the system. > > Introduced by: > a6ce4932fbdbcd8f8e8c6df76812014351c32892 (Linux kernel 2.6.31) > > Proposed upstream patch: > http://thread.gmane.org/gmane.linux.kernel.cifs/5526 > > References: > https://bugzilla.redhat.com/show_bug.cgi?id=798293 > http://thread.gmane.org/gmane.linux.kernel.cifs/5526 > > Thanks, Please use CVE-2012-1090 for this issue. -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ