Date: Fri, 3 Feb 2017 15:52:19 +1000 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read Gday, I'd like to ask for a CVE for the flaw the EXT4 filesystem as described as: Mounting a crafted EXT4 image read-only leads to a memory corruption and SLAB-Out-of-Bounds Reads (according to KASAN). Since the mounting procedure is a privileged operation, an attacker is probably not able to trigger this vulnerability on the commandline. Instead the automatic mounting feature of the GUI via a crafted USB-device is required. >From full disclosure at: http://seclists.org/fulldisclosure/2016/Nov/75 If it has been assigned elsewhere, I am unable to see it. Thanks, Wade Mealing Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ