Date: Tue, 26 Aug 2014 10:33:08 +0200 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: Linux Kernel unbound recursion in ISOFS Hi, >From the google security research team: https://code.google.com/p/google-security-research/issues/detail?id=88 fixed in https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 Author: Jan Kara <jack@...e.cz> Date: Sun Aug 17 11:49:57 2014 +0200 isofs: Fix unbounded recursion when processing relocated directories We did not check relocated directory in any way when processing Rock Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL entry pointing to another CL entry leading to possibly unbounded recursion in kernel code and thus stack overflow or deadlocks (if there is a loop created from CL entries). Fix the problem by not allowing CL entry to point to a directory entry with CL entry (such use makes no good sense anyway) and by checking whether CL entry doesn't point to itself. CC: stable@...r.kernel.org Reported-by: Chris Evans <cevans@...gle.com> Signed-off-by: Jan Kara <jack@...e.cz> This still needs a CVE. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.