
List:       oss-security
Subject:    [oss-security] CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation.
From:       Wade Mealing <wmealing () redhat ! com>
Date:       2019-08-15 3:37:57
Message-ID: CALJHwhSEmNwChg-TCRYpyUGZWOM37zofntrsMk_WSEBbeZW3Vg () mail ! gmail ! com


Red Hat's kernel has a flaw in overlayfs which can cause a kernel panic and
possibly memory corruption.

An attacker with local access can create a denial of service situation via
NULL pointer dereference in ovl_posix_acl_create function in
fs/overlayfs/dir.c. The ovl_create function can return a positive number
leading to a null pointer dereference of path in may_open. This can allow
attackers with ability to create directories on overlayfs to crash the
kernel creating a Denial Of Service (DOS) and possibly other memory
corruption.

The memory corruption claim may be a bit of a stretch, but it could be
possible that an attacker could pre-groom the memory where the null pointer
dereference exists, but I couldn't get this to work in practice, YMMV.

This flaw likely only affects Red Hat Enterprise Linux 7 based products as
this issue was created by human-error in the back-porting process.  It
is very unlikely that non Red Hat Enterprise Linux derived distributions
contain this flaw.

Thanks,

Wade Mealing
Red Hat Product Security


Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140

Proposed patch:
https://bugzilla.redhat.com/attachment.cgi?id=1535840
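
The error-convention problem described in the message (a create routine returning a positive number to a caller that only treats negative values as failure), shown as an added userspace model. This is not kernel code and not the proposed patch; every name in it is hypothetical, and the NULL dereference is reported as a sentinel value rather than performed.

```c
#include <errno.h>
#include <stddef.h>

/* Userspace model only: every name here is hypothetical, not kernel code. */
struct path_model { const char *name; };
enum create_case { CREATE_OK, CREATE_FAIL, CREATE_POSITIVE };
#define WOULD_DEREF_NULL 1000 /* stands in for the oops, so the model never crashes */

/* Convention: 0 on success with *out set, negative errno on failure.
 * CREATE_POSITIVE models a create path that leaks a positive value
 * to its caller and leaves *out unset. */
static int model_create(enum create_case c, struct path_model *slot,
                        struct path_model **out)
{
    *out = NULL;
    switch (c) {
    case CREATE_OK:
        slot->name = "newdir"; /* constructed sample value */
        *out = slot;
        return 0;
    case CREATE_FAIL:
        return -ENOMEM;
    default:
        return 1; /* neither success nor a negative errno */
    }
}

/* Caller that treats only negative values as failure. */
static int open_unchecked(enum create_case c)
{
    struct path_model slot, *p;
    int err = model_create(c, &slot, &p);

    if (err < 0)
        return err;
    /* A real caller would dereference p here; report instead of crashing. */
    return p ? 0 : WOULD_DEREF_NULL;
}

/* Hardened caller: any non-zero result is a failure, and a positive value
 * is mapped to a negative errno before it can travel further up. */
static int open_checked(enum create_case c)
{
    struct path_model slot, *p;
    int err = model_create(c, &slot, &p);
    if (err)
        return err < 0 ? err : -EIO;
    return p ? 0 : -EIO;
}
```
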

