Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Aug 2010 13:09:55 -0400 (EDT)
From: "Steven M. Christey" <>
cc: "Steven M. Christey" <>
Subject: Re: CVE request - kernel: integer overflow in

On Mon, 16 Aug 2010, Eugene Teo wrote:

> This was reported by a customer. Integer overflow flaws were found in 
> ext4_ext_in_cache() and ext4_ext_get_blocks(). We managed to triggered the 
> case in ext4_ext_get_blocks() but did not attempt to try the other. This can 
> trigger a BUG() on certain configuration of ext4 file systems.
> Upstream commit:

Use CVE-2010-3015

What does an attacker have to do to exploit this?  Mount a crafted file 

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.