Date: Mon, 23 Nov 2015 06:15:57 -0500 (EST) From: Vladis Dronov <vdronov@...hat.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem Hello, If possible, we would like to obtain a CVE-ID for the following security issue. It was reported that there are some exit paths in ext4_fill_super() which result in destruction of workqueue which is not yet initialized, leading to kernel NULL pointer dereference. A privileged user with permission to mount a filesystem or anybody having physical access to the system's USB port and prepared filesystem on USB disk which will be automatically mounted can cause system panic and thus DoS. References: https://bugs.openvz.org/browse/OVZ-6541 - initial public disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1267261 - red hat public bug commit 744692dc059845b2a3022119871846e74d4f6e11 - upstream Linux kernel commit which fixes the issue (only part of the commit is related). Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.