Date: Sun, 24 Jan 2016 07:47:46 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() Hi Can you assign a CVE for the following issue found https://bugzilla.redhat.com/show_bug.cgi?id=1290642 > A patch was posted to fix an issue regarding unkillable task eating > CPU. > > The problem is in the fuse_fill_write_pages() function. When a user > calls the sys_writev syscall with specially crafted sequence of iovs > the kernel function may never terminate and continue in a tight loop, > the process is unable to be killed. Introduced in: https://git.kernel.org/linus/ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1) Fixed by: https://git.kernel.org/linus/3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5) Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ