Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 Feb 2017 18:02:53 +0100
From: Andreas Stieger <>
Subject: Re: Local DoS: Linux Kernel EXT4 Memory Corruption /
 SLAB-Out-of-Bounds Read


On 02/03/2017 12:29 PM, John Haxby wrote:
> On 03/02/17 05:52, Wade Mealing wrote:
>> Mounting a crafted EXT4 image read-only leads to a memory corruption and
>> SLAB-Out-of-Bounds Reads (according to KASAN).  Since the mounting
>> procedure is a privileged operation, an attacker is probably not able
>> to trigger this vulnerability on the commandline.
>> Instead the automatic mounting feature of the GUI via a crafted
>> USB-device is required.
>> From full disclosure at:
>> If it has been assigned elsewhere, I am unable to see it.
> The bugzilla link from the above isn't accessible.  Are we missing any
> useful information?


Introduced in:
(first in v3.6-rc1...)

(first in v4.10-rc1)


Andreas Stieger <>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ