
List:       oss-security
Subject:    Re: [oss-security] CVE request: kernel: fuse: prevent
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-11-24 18:06:51
Message-ID: 2099385299.694911259086011108.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

Please use CVE-2009-4021

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo@kernel.sg> wrote:

> "fuse_direct_io() has a loop where requests are allocated in each
> iteration. if allocation fails, the loop is broken out and follows into
> an unconditional fuse_put_request() on that invalid pointer."
> 
> Upstream commit:
> http://git.kernel.org/linus/f60311d5f7670d9539b424e4ed8b5c0872fc9e83
> 
> This can be triggered when the system is low on memory, and when the
> fuse_request_alloc() function called from fuse_get_req() fails. The
> fuse_put_request() function will then dereference the invalid pointer
> returned, resulting in a kernel oops.
> 
> This was introduced in 413ef8cb (v2.6.14-rc1) and fixed in v2.6.32-rc7.
> 
> https://bugzilla.redhat.com/538734
> 
> Thanks, Eugene
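
A userspace C model of the loop described in the quoted report, added here as an illustration; it is not the kernel's code or the upstream patch. The names `get_req`, `put_req` and `direct_io` and the `budget` and `guarded` parameters are hypothetical stand-ins, and the check before the final put is an assumed form of the fix.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the kernel's error-pointer convention (assumed names). */
#define MAX_ERRNO 4095
static void *err_ptr(long e) { return (void *)(intptr_t)e; }
static int is_err(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct req { int refs; };
static int allocs_left, bad_puts;  /* simulated memory budget; puts given an error pointer */

/* Stand-in for fuse_get_req(): returns an error pointer when allocation fails. */
static struct req *get_req(void) {
    struct req *r = allocs_left-- > 0 ? calloc(1, sizeof *r) : NULL;
    if (!r) return err_ptr(-ENOMEM);
    r->refs = 1;
    return r;
}

/* Stand-in for fuse_put_request(). The kernel function dereferences its
 * argument; this model records the invalid pointer instead of crashing. */
static void put_req(struct req *r) {
    if (is_err(r)) { bad_puts++; return; }
    if (--r->refs == 0) free(r);
}

/* Loop shape from the report: a fresh request per chunk, break on a failed
 * allocation, then a put after the loop. guarded == 0 is the flawed form. */
int direct_io(int chunks, int budget, int guarded) {
    allocs_left = budget; bad_puts = 0;
    struct req *r = get_req();
    if (is_err(r)) return 0;               /* initial failure is handled */
    while (chunks-- > 0) {
        /* ... transfer one chunk using r ... */
        if (chunks > 0) {
            put_req(r);
            r = get_req();
            if (is_err(r)) break;          /* r now holds an error pointer */
        }
    }
    if (!guarded || !is_err(r)) put_req(r); /* guarded form checks before the put */
    return bad_puts;                       /* invalid puts: each would be an oops */
}

int main(void) {
    printf("unguarded: %d, guarded: %d invalid put(s)\n", direct_io(4, 2, 0), direct_io(4, 2, 1));
    return 0;
}
```

With a budget of two allocations and four chunks, the third allocation fails inside the loop, so the unguarded form passes the error pointer to the put while the guarded form skips it.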