oss-sec mailing list archives
CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages()
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 24 Jan 2016 07:47:46 +0100
Hi Can you assign a CVE for the following issue found https://bugzilla.redhat.com/show_bug.cgi?id=1290642
A patch was posted to fix an issue regarding unkillable task eating CPU. The problem is in the fuse_fill_write_pages() function. When a user calls the sys_writev syscall with specially crafted sequence of iovs the kernel function may never terminate and continue in a tight loop, the process is unable to be killed.
Introduced in: https://git.kernel.org/linus/ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1) Fixed by: https://git.kernel.org/linus/3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5) Regards, Salvatore
Current thread:
- CVE Request: Linux: fuse: possible denial of service in fuse_fill_write_pages() Salvatore Bonaccorso (Jan 23)