Date: Mon, 23 Nov 2015 16:27:48 -0500 (EST)
From: cve-assign@...re.org
To: vdronov@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem

> It was reported that there are some exit paths in ext4_fill_super() which result
> in destruction of workqueue which is not yet initialized, leading to kernel NULL
> pointer dereference. A privileged user with permission to mount a filesystem or
> anybody having physical access to the system's USB port and prepared filesystem
> on USB disk which will be automatically mounted can cause system panic and thus
> DoS.
>
> https://bugs.openvz.org/browse/OVZ-6541 - initial public disclosure
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1267261 - red hat public bug
>
> commit 744692dc059845b2a3022119871846e74d4f6e11 - upstream Linux kernel commit
> which fixes the issue (only part of the commit is related).

>> http://ftp.linux.org.uk/pub/linux/linux-2.6/ChangeLog-2.6.34
>> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11

As far as we can tell, what you mean is that:

 - "[media] usbvision: usbvision_probe() can trigger a kernel NULL
   pointer dereference" in the "Thread-Topic" header of your message
   is completely unrelated to the vulnerability. That header
   apparently originated in a message you composed a few weeks ago.

 - this is an ext4 issue that was fixed in 2.6.34 in May 2010

 - the possible security relevance wasn't publicly described until 2015

Use CVE-2015-8324.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
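The error-path flaw described in the quoted report, shown as a userspace C model added here; it is not the ext4 code, the upstream fix, or part of the original message. All names (destroy_wq, mount_flawed, mount_ordered, the fail stages) are hypothetical, and the model counts teardown calls made with no workqueue where kernel code would dereference NULL.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model; every name here is hypothetical, not a kernel symbol. */
struct workqueue { int pending; };
enum fail { FAIL_NONE, FAIL_BEFORE_WQ, FAIL_AFTER_WQ };
static int null_destroys;       /* teardown calls made with no workqueue */
/* Stands in for a destroy routine that dereferences its argument. */
static void destroy_wq(struct workqueue *wq)
{
    if (!wq) { null_destroys++; return; }   /* real code would fault here */
    free(wq);
}
/* Flawed unwinding: one label serves exits taken before and after setup. */
static int mount_flawed(enum fail f)
{
    struct workqueue *wq = NULL;
    int err = -1;
    if (f == FAIL_BEFORE_WQ) goto failed;   /* wq is still NULL */
    wq = calloc(1, sizeof(*wq));
    if (!wq || f == FAIL_AFTER_WQ) goto failed;
    err = 0;                                /* success; model tears down at once */
failed:
    destroy_wq(wq);
    return err;
}
/* Ordered unwinding: each exit jumps to the label matching what exists. */
static int mount_ordered(enum fail f)
{
    struct workqueue *wq = NULL;
    int err = -1;
    if (f == FAIL_BEFORE_WQ) goto out;      /* nothing to undo yet */
    wq = calloc(1, sizeof(*wq));
    if (!wq) goto out;
    if (f == FAIL_AFTER_WQ) goto failed_wq;
    err = 0;                                /* success; model tears down at once */
failed_wq:
    destroy_wq(wq);
out:
    return err;
}

int main(void)
{
    mount_flawed(FAIL_BEFORE_WQ);
    printf("flawed:  %d NULL teardown(s)\n", null_destroys);
    null_destroys = 0;
    mount_ordered(FAIL_BEFORE_WQ);
    printf("ordered: %d NULL teardown(s)\n", null_destroys);
    return 0;
}
```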