[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: kernel: fuse: prevent
From: Josh Bressers <bressers () redhat ! com>
Date: 2009-11-24 18:06:51
Message-ID: 2099385299.694911259086011108.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
Please use CVE-2009-4021
Thanks.
--
JB
----- "Eugene Teo" <eugeneteo@kernel.sg> wrote:
> "fuse_direct_io() has a loop where requests are allocated in each
> iteration. if allocation fails, the loop is broken out and follows
> into
> an unconditional fuse_put_request() on that invalid pointer."
>
> Upstream commit:
> http://git.kernel.org/linus/f60311d5f7670d9539b424e4ed8b5c0872fc9e83
>
> This can be triggered when the system is low on memory, and when the
> fuse_request_alloc() function called from fuse_get_req() fails. The
> fuse_put_request() function will then dereference the invalid pointer
>
> returned, resulting in a kernel oops.
>
> This was introduced in 413ef8cb (v2.6.14-rc1) and fixed in
> v2.6.32-rc7.
>
> https://bugzilla.redhat.com/538734
>
> Thanks, Eugene
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic