Date: Fri, 21 Oct 2011 15:24:30 +0200 From: Petr Matousek <pmatouse@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops A flaw was found in the way splitting two extents in ext4_ext_convert_to_initialized() worked. Althrough ex has been updated in memory, it is not dirtied both in ext4_ext_convert_to_initialized() and ext4_ext_insert_extent(). The disk layout is corrupted. Then it will meet with a BUG_ON() when writting at the start of that extent again. Local unprivileged users can use this flaw to crash the system when ext4 filesystem is in use. Introduced in: 56055d3ae4cc7fa6d2b10885f20269de8a989ed7 Upstream fix: 667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3 Credits: Zheng Liu References: https://bugzilla.redhat.com/show_bug.cgi?id=747942 Thanks, -- Petr Matousek / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.