[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation.
From: Wade Mealing <wmealing () redhat ! com>
Date: 2019-08-15 3:37:57
Message-ID: CALJHwhSEmNwChg-TCRYpyUGZWOM37zofntrsMk_WSEBbeZW3Vg () mail ! gmail ! com
[Download RAW message or body]
Red Hats kernel has a flaw in overlayfs which can cause a kernel panic and
possibly memory corruption.
An attacker with local access can create a denial of service situation via
NULL pointer dereference in ovl_posix_acl_create function in
fs/overlayfs/dir.c. The ovl_create function can return a positive number
leading to a null pointer derference of path in may_open. This can allow
attackers with ability to create directories on overlayfs to crash the
kernel creating a Denial Of Service (DOS) and possibly other memory
corruption.
The memory corruption claim may be a bit of a stretch, but it could be
possible that an attacker could pre-groom the memory where the null pointer
dereference exists, but I couldn't get this to work in practice, YMMV.
This flaw likely only affects Red Hat Enterprise Linux 7 based products as
this issue was created by by human-error in the back-porting process. It
is very unlikely that non Red Hat Enterprise Linux derived distributions
contain this flaw.
Thanks,
Wade Mealing
Red Hat Product Security
Red Hat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140
Proposed patch:
https://bugzilla.redhat.com/attachment.cgi?id=1535840
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic