Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20111021132429.GB10069@dhcp-25-225.brq.redhat.com>
Date: Fri, 21 Oct 2011 15:24:30 +0200
From: Petr Matousek <pmatouse@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops

A flaw was found in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. Althrough ex has been updated
in memory, it is not dirtied both in ext4_ext_convert_to_initialized()
and ext4_ext_insert_extent(). The disk layout is corrupted. Then it
will meet with a BUG_ON() when writting at the start of that extent
again.

Local unprivileged users can use this flaw to crash the system when ext4
filesystem is in use.

Introduced in:
56055d3ae4cc7fa6d2b10885f20269de8a989ed7

Upstream fix:
667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3

Credits:
Zheng Liu

References:
https://bugzilla.redhat.com/show_bug.cgi?id=747942

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.