oss-security - CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Mon, 23 Nov 2015 06:15:57 -0500 (EST)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE request -- linux kernel: Null pointer dereference when mounting
 ext4 filesystem

Hello,
If possible, we would like to obtain a CVE-ID for the following security issue.

It was reported that there are some exit paths in ext4_fill_super() which result
in destruction of workqueue which is not yet initialized, leading to kernel NULL
pointer dereference. A privileged user with permission to mount a filesystem or
anybody having physical access to the system's USB port and prepared filesystem
on USB disk which will be automatically mounted can cause system panic and thus
DoS.

References:

https://bugs.openvz.org/browse/OVZ-6541 - initial public disclosure

https://bugzilla.redhat.com/show_bug.cgi?id=1267261 - red hat public bug

commit 744692dc059845b2a3022119871846e74d4f6e11 - upstream Linux kernel commit
which fixes the issue (only part of the commit is related).

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.