oss-sec mailing list archives
CVE request - kernel: fuse_ioctl_copy_user() dos
From: Eugene Teo <eugene () redhat com>
Date: Wed, 23 Dec 2009 14:40:04 +0800
Reported by David Shaw. There is a problem in the ioctl handler in the fuse kernel code that causes a panic under some circumstances.
fuse_ioctl_copy_user() was introduced in 59efec7b (v2.6.29-rc1, 2008-11-26). This was fixed upstream but was missed in 2.6.30.y. The most recent 2.6.31/32.y kernels already have this fix. So this only affects distros that are still using 2.6.30.y.
http://git.kernel.org/linus/0bd87182d3ab18a32a8e9175d3f68754c58e3432 https://bugzilla.redhat.com/show_bug.cgi?id=549400 Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Current thread:
- CVE request - kernel: fuse_ioctl_copy_user() dos Eugene Teo (Dec 22)
- Re: CVE request - kernel: fuse_ioctl_copy_user() dos Steven M. Christey (Dec 23)