Date: Fri, 12 Nov 2010 08:17:08 -0500 (EST) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: kernel: Multiple DoS issues in block layer ----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote: > A series of fixes were committed to address several issues I reported in > the block layer. These issues require the ability to send device ioctls > to a SCSI device, which is typically possible for users with group > 'cdrom' or similar. > > 1. Due to integer underflow and overflow issues when determining the > number of pages required for maliciously crafted I/O requests, a local > user could send a device ioctl that results in the sequential allocation > of a very large number of pages, causing the OOM killer to be invoked and > crashing the system: > > http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=cb4644cac4a2797afc847e6c92736664d4b0ea34 Use CVE-2010-4162 for this one. > > 2. By submitting certain I/O requests with 0 length, a local user could > cause a kernel panic: > > http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=9284bcf4e335e5f18a8bc7b26461c33ab60d0689 > Use CVE-2010-4163 > > > In addition to the fixes for these identified issues, there were also > patches committed for improved sanity checking on I/O requests, and > checks to prevent integer overflows in heap allocation sizes. In my > testing, I wasn't able to exploit these issues, so just FYI: > > http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=9f864c80913467312c7b8690e41fb5ebd1b50e92 > http://git.kernel.org/?p=linux/kernel/git/axboe/linux-2.6-block.git;a=commit;h=f3f63c1c28bc861a931fac283b5bc3585efb8967 > I'm not assigning anythign to these, but if someone wants IDs, I'll gladly do it. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ