Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 Jan 2016 07:47:46 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: Linux: fuse: possible denial of service in
 fuse_fill_write_pages()

Hi

Can you assign a CVE for the following issue found

https://bugzilla.redhat.com/show_bug.cgi?id=1290642

> A patch was posted to fix an issue regarding unkillable task eating
> CPU.
> 
> The problem is in the fuse_fill_write_pages() function.  When a user
> calls the sys_writev syscall with specially crafted sequence of iovs
> the kernel function may never terminate and continue in a tight loop,
> the process is unable to be killed.

Introduced in:
https://git.kernel.org/linus/ea9b9907b82a09bd1a708004454f7065de77c5b0
(v2.6.26-rc1)

Fixed by:
https://git.kernel.org/linus/3ca8138f014a913f98e6ef40e939868e1e9ea876
(v4.4-rc5)

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ