oss-sec mailing list archives
Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops
From: Eugene Teo <eugene () redhat com>
Date: Mon, 24 Oct 2011 15:56:44 +0800
On 10/21/2011 09:24 PM, Petr Matousek wrote:
A flaw was found in the way splitting two extents in ext4_ext_convert_to_initialized() worked. Although ex has been updated in memory, it is not dirtied both in ext4_ext_convert_to_initialized() and ext4_ext_insert_extent(). The disk layout is corrupted. Then it will meet with a BUG_ON() when writing at the start of that extent again.

Local unprivileged users can use this flaw to crash the system when ext4 filesystem is in use.

Introduced in: 56055d3ae4cc7fa6d2b10885f20269de8a989ed7
Upstream fix: 667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
Credits: Zheng Liu

References:
https://bugzilla.redhat.com/show_bug.cgi?id=747942

Thanks,

Use CVE-2011-3638.

Thanks, Eugene

--
Eugene Teo / Red Hat Security Response Team