Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 18 Nov 2013 15:46:49 +0100
From: Petr Matousek <>
Cc: Kurt Seifried <>
Subject: CVE-2013-4591 -- Linux kernel: kernel: nfs: missing check for buffer
 length in __nfs4_get_acl_uncached

Commit 1f1ea6c ccidently dropped the checking for too small result
buffer length.
If someone uses getxattr on "system.nfs4_acl" on an NFSv4 mount
supporting ACLs, the ACL has not been cached and the buffer suplied is
too short, we still copy the complete ACL, resulting in kernel and user
space memory corruption.

Introduced by:

Upstream commit:


Petr Matousek / Red Hat Security Response Team
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.