Date: Fri, 3 Feb 2017 18:02:53 +0100
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: Local DoS: Linux Kernel EXT4 Memory Corruption /
 SLAB-Out-of-Bounds Read

Hello,


On 02/03/2017 12:29 PM, John Haxby wrote:
> On 03/02/17 05:52, Wade Mealing wrote:
>> Mounting a crafted EXT4 image read-only leads to a memory corruption and
>> SLAB-Out-of-Bounds Reads (according to KASAN).  Since the mounting
>> procedure is a privileged operation, an attacker is probably not able
>> to trigger this vulnerability on the commandline.
>> Instead the automatic mounting feature of the GUI via a crafted
>> USB-device is required.
>>
>> From full disclosure at:
>>
>> http://seclists.org/fulldisclosure/2016/Nov/75
>>
>> If it has been assigned elsewhere, I am unable to see it.
> The bugzilla link from the above isn't accessible.  Are we missing any
> useful information?


https://bugzilla.suse.com/show_bug.cgi?id=1023377#c1

RH: https://bugzilla.redhat.com/show_bug.cgi?id=1395190
ML: http://www.spinics.net/lists/linux-ext4/msg54572.html

Introduced in:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=952fc18ef9ec707ebdc16c0786ec360295e5ff15
(first in v3.6-rc1...)

Fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe
(first in v4.10-rc1)


Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)



