oss-security - CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <20110715163949.GB16365@dhcp-25-225.brq.redhat.com>
Date: Fri, 15 Jul 2011 18:39:50 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE Request -- kernel: ext4: kernel panic when writing data to the
 last block of sparse file

If an extent exists which includes the block right before the maximum
file offset, and the block for the maximum file offset is written,
the kernel panics. For 4KB block size, the problem only occurs on
x86_64 architecture. For 1KB or 2KB block size, the problem occurs on
both i386 and x86_64.

Local unprivileged users can use this flaw to crash the system when ext4
filesystem is in use.

Upstream fix:
f17722f917b2f21497deb6edc62fb1683daa08e6

References:
https://bugzilla.redhat.com/show_bug.cgi?id=722557
http://www.spinics.net/lists/linux-ext4/msg25697.html

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.