oss-sec mailing list archives

Re: CVE request: kernel: inotify local DoS

From: "Michael K. Johnson" <johnsonm () rpath com>
Date: Thu, 19 Mar 2009 11:03:03 -0400

On Thu, Mar 19, 2009 at 02:27:36PM +0800, Eugene Teo wrote:

On Thu, Mar 19, 2009 at 1:41 AM, Michael K. Johnson <johnsonm () rpath com> wrote:

On Tue, Mar 17, 2009 at 08:39:33PM -0400, Steven M. Christey wrote:

[...]

In the 2.6.27.y stable releases, this affects 2.6.27.13 and earlier.
In the 2.6.28.y stable releases, this affects 2.6.28.2 and earlier.


The problem occurs between upstream commits 16dbc6c96163 and 3632dee2f8b8.


Thanks, Eugene!  More interpretation for those looking at various
kernel versions for those changes:

16dbc6c96163 was introduced between 2.6.27-rc8 and 2.6.27-rc9, so
2.6.26 and earlier are not affected.   The change represented by
16dbc6c96163 was also not imported into the 2.6.26.y stable release
tree during its lifetime, so no 2.6.26.y releases are affected either.

Current thread:

CVE request: kernel: inotify local DoS Eugene Teo (Mar 06)
- Re: CVE request: kernel: inotify local DoS Steven M. Christey (Mar 17)
  - Re: CVE request: kernel: inotify local DoS Michael K. Johnson (Mar 18)
    - Re: CVE request: kernel: inotify local DoS Eugene Teo (Mar 18)
    - Re: CVE request: kernel: inotify local DoS Michael K. Johnson (Mar 19)