Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Apr 2018 05:30:39 -0400 (EDT)
From: Vladis Dronov <vdronov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: a number of CVEs for issues in the filesystem's code in the
 Linux kernel

Hello,

It appeared that there is another reproducer for CVE-2018-1092 ("kernel:
NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when
mounting crafted ext4 image") which possibly affects a wider range of
systems (than a previous one):

https://bugzilla.kernel.org/show_bug.cgi?id=199275

It was verified that a crash caused by this reproducer (88.img) is fixed
by the same upstream commit 8e4b5eae5decd.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ