Date: Thu, 15 Aug 2019 13:37:57 +1000 From: Wade Mealing <wmealing@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation. Red Hats kernel has a flaw in overlayfs which can cause a kernel panic and possibly memory corruption. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. The ovl_create function can return a positive number leading to a null pointer derference of path in may_open. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a Denial Of Service (DOS) and possibly other memory corruption. The memory corruption claim may be a bit of a stretch, but it could be possible that an attacker could pre-groom the memory where the null pointer dereference exists, but I couldn't get this to work in practice, YMMV. This flaw likely only affects Red Hat Enterprise Linux 7 based products as this issue was created by by human-error in the back-porting process. It is very unlikely that non Red Hat Enterprise Linux derived distributions contain this flaw. Thanks, Wade Mealing Red Hat Product Security Red Hat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140 Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=1535840
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.