Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 31 Aug 2016 08:23:56 -0400 (EDT)
From: cve-assign@...re.org
To: ben@...adent.org.uk
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, debian@...ny.org
Subject: Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> a bug in Debian's kernel
> packages that allows a denial of service (crash) by local users with
> access to an aufs filesystem.  The bug is in a Debian-specific patch,
> not the upstream kernel or aufs code.

>> the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
>> fcntl support code (#627782) which unfortunately results in a kernel
>> Oops when the fcntl is called on a directory. This breaks e.g. copying
>> files from an AUFS filesystem on a remote machine using scp.

>>        fcntl (fd, F_SETFL, O_RDONLY);

>> Call the program on regular a file (nothing happens) and then on a
>> directory (Oops).

>> The Oops happens in fs/fcntl.c

>> The aufs_file_fop structure sets the value of the .setfl member to
>> aufs_setfl (f_op.c). aufs_dir_fop (dir.c) on the other hand does not.

>>   aufs 3.2.x+setfl-debian

>>   kernel NULL pointer dereference

Use CVE-2016-7118.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXxsvbAAoJEHb/MwWLVhi2LWoP/3ZaPz0Ig/FPWdBi+JyGP7/K
YlCUjfpCrWaIBQwczMqZX+7E+aTym5dQ3tvRYdoOiDZhhcGCxLa7YCNLHZdVDIkC
OJOrBOoDyL1OjhcNvFD6uahCAfqVAilvFgR7HNkbiwPnvFIkUd3LZXtvpfCla4l8
8/PABvTGSnZWesZdG573mduIZQ0wO/RGcp1ng+tbyZjXUUWqJe03v70C19s0aMVh
xXZLk3WuCUUnEfdWsRK2W5Shj4zCqIBhzbzWQcBcFLL65hxdoLGLLsCkx3EM0VkO
8f07NoP24dKfLy1uH4HhRcVKIc4E22knCGOnWIX4aiHvbLHtBAnoNHhG9rgRg221
DomDaYqjyOXgFUIK2DxB1qJbTPvKuyhWQZ+MrI0c72NJ8nSgexoEdk/6pKagpnq7
gSu1MN+r7Q/IBf722Xqi82y9BBV+NlWH967dlqnH3EoxiHK5M6Y7koCdx+9HYrvs
Ib1f60ztjAwglxljqjhGVG02wJhwOqvfH2wJb78HKPJ9A3F24Y5bDyxzmB1J2Pjm
fT5vYyOXGUIoY4U8062yaqPI6OJedhKgJvYfnFqJCxa88RpB8sPXZlMcsm+2ajSv
kA7X7fS7eNj/gPAXgUEkjJaK8r6sDB5MzhRZ1OvJevbRpHR7GYczfAfgFeqJNSEx
IleDjdlHzS7T25oRRIFQ
=4pvR
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.