Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 Feb 2017 15:52:19 +1000
From: Wade Mealing <wmealing@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read

Gday,

I'd like to ask for a CVE for the flaw the EXT4 filesystem as described as:

Mounting a crafted EXT4 image read-only leads to a memory corruption and
SLAB-Out-of-Bounds Reads (according to KASAN).  Since the mounting
procedure is a privileged operation, an attacker is probably not able
to trigger this vulnerability on the commandline.
Instead the automatic mounting feature of the GUI via a crafted
USB-device is required.

>From full disclosure at:

http://seclists.org/fulldisclosure/2016/Nov/75

If it has been assigned elsewhere, I am unable to see it.

Thanks,

Wade Mealing
Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ