List: oss-security
Subject: Re: [oss-security] CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup l
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-02-28 16:09:26
Message-ID: 4F4CFC36.7050101 () redhat ! com
On 02/28/2012 08:15 AM, Petr Matousek wrote:
> The cifs code will attempt to open files on lookup under certain
> circumstances. What happens though if we find that the file we opened
> was actually a FIFO or other special file? Currently, the open
> filehandle just ends up being leaked leading to a dentry refcount
> mismatch and oops on umount.
>
> An unprivileged local user could use this flaw to crash the system.
>
> Introduced by:
> a6ce4932fbdbcd8f8e8c6df76812014351c32892 (Linux kernel 2.6.31)
>
> Proposed upstream patch:
> http://thread.gmane.org/gmane.linux.kernel.cifs/5526
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=798293
> http://thread.gmane.org/gmane.linux.kernel.cifs/5526
>
> Thanks,
Please use CVE-2012-1090 for this issue.
--
Kurt Seifried Red Hat Security Response Team (SRT)
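
The leak described in the quoted report, as a simplified user-space C model added here (not part of the original message, and not kernel or cifs code). All type and function names are hypothetical; the model only assumes that an open handle pins its dentry and that unmount expects no extra references.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model types: not the kernel's struct dentry / struct file. */
enum ftype { FT_REG, FT_FIFO };
struct dentry { int refcount; enum ftype type; };
struct handle { struct dentry *d; bool open; };

/* An open handle pins its dentry until it is closed. */
static void handle_open(struct handle *h, struct dentry *d)
{
    d->refcount++; h->d = d; h->open = true;
}
static void handle_close(struct handle *h)
{
    if (h->open) { h->d->refcount--; h->open = false; }
}

/* Lookup that opens as a side effect; true = handle handed to the caller. */
static bool lookup_open_leaky(struct dentry *d, struct handle *h)
{
    handle_open(h, d);
    if (d->type != FT_REG)
        return false;          /* leak: nobody will ever close h */
    return true;
}
static bool lookup_open_fixed(struct dentry *d, struct handle *h)
{
    handle_open(h, d);
    if (d->type != FT_REG) {
        handle_close(h);       /* drop the reference before bailing out */
        return false;
    }
    return true;
}

/* References still held beyond the base one when the mount is torn down. */
static int extra_refs_at_umount(bool fixed, enum ftype type)
{
    struct dentry d = { .refcount = 1, .type = type };
    struct handle h = { 0 };
    bool handed = fixed ? lookup_open_fixed(&d, &h) : lookup_open_leaky(&d, &h);
    if (handed)
        handle_close(&h);      /* caller's normal close of a handle it owns */
    return d.refcount - 1;     /* non-zero means a refcount mismatch */
}

int main(void)
{
    printf("leaky, FIFO: %d extra\n", extra_refs_at_umount(false, FT_FIFO));
    printf("fixed, FIFO: %d extra\n", extra_refs_at_umount(true, FT_FIFO));
    return 0;
}
```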