[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: kernel: tomoyo: oops in tomoyo_mount_acl()
From:       Petr Matousek <pmatouse () redhat ! com>
Date:       2011-06-30 10:13:01
Message-ID: 20110630101300.GA16091 () dhcp-25-225 ! brq ! redhat ! com
[Download RAW message or body]

Description of problem:
In tomoyo_mount_acl() since 2.6.36, kern_path() was called without
checking dev_name != NULL. As a result, an unprivileged user can
trigger oops by issuing mount(NULL, "/", "ext3", 0, NULL) request.

Upstream fix:
4e78c724d47e2342aa8fde61f6b8536f662f795f

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]