Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 24 Oct 2011 15:56:44 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent()
 kernel oops

On 10/21/2011 09:24 PM, Petr Matousek wrote:
> A flaw was found in the way splitting two extents in
> ext4_ext_convert_to_initialized() worked. Althrough ex has been updated
> in memory, it is not dirtied both in ext4_ext_convert_to_initialized()
> and ext4_ext_insert_extent(). The disk layout is corrupted. Then it
> will meet with a BUG_ON() when writting at the start of that extent
> again.
> 
> Local unprivileged users can use this flaw to crash the system when ext4
> filesystem is in use.
> 
> Introduced in:
> 56055d3ae4cc7fa6d2b10885f20269de8a989ed7
> 
> Upstream fix:
> 667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
> 
> Credits:
> Zheng Liu
> 
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=747942
> 
> Thanks,

Use CVE-2011-3638.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.