List:       oss-security
Subject:    Re: [oss-security] CVE Request -- kernel: ext4: ext4_ext_insert_extent()
From:       Eugene Teo <eugene () redhat ! com>
Date:       2011-10-24 7:56:44
Message-ID: 4EA51A3C.1030009 () redhat ! com

On 10/21/2011 09:24 PM, Petr Matousek wrote:
> A flaw was found in the way splitting two extents in
> ext4_ext_convert_to_initialized() worked. Although ex has been updated
> in memory, it is not dirtied both in ext4_ext_convert_to_initialized()
> and ext4_ext_insert_extent(). The disk layout is corrupted. Then it
> will meet with a BUG_ON() when writing at the start of that extent
> again.
> 
> Local unprivileged users can use this flaw to crash the system when ext4
> filesystem is in use.
> 
> Introduced in:
> 56055d3ae4cc7fa6d2b10885f20269de8a989ed7
> 
> Upstream fix:
> 667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
> 
> Credits:
> Zheng Liu
> 
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=747942
> 
> Thanks,

Use CVE-2011-3638.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team