|
Message-ID: <2099385299.694911259086011108.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Date: Tue, 24 Nov 2009 13:06:51 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE request: kernel: fuse: prevent fuse_put_request on invalid pointer Please use CVE-2009-4021 Thanks. -- JB ----- "Eugene Teo" <eugeneteo@...nel.sg> wrote: > "fuse_direct_io() has a loop where requests are allocated in each > iteration. if allocation fails, the loop is broken out and follows > into > an unconditional fuse_put_request() on that invalid pointer." > > Upstream commit: > http://git.kernel.org/linus/f60311d5f7670d9539b424e4ed8b5c0872fc9e83 > > This can be triggered when the system is low on memory, and when the > fuse_request_alloc() function called from fuse_get_req() fails. The > fuse_put_request() function will then dereference the invalid pointer > > returned, resulting in a kernel oops. > > This was introduced in 413ef8cb (v2.6.14-rc1) and fixed in > v2.6.32-rc7. > > https://bugzilla.redhat.com/538734 > > Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.