oss-sec mailing list archives
Re: CVE request: kernel: btrfs heap overflow
From: Eugene Teo <eugene () redhat com>
Date: Thu, 10 Feb 2011 00:03:26 +0800
On 02/10/2011 12:01 AM, Eugene Teo wrote:
On 02/09/2011 11:49 PM, Dan Rosenberg wrote:I'm not aware of any distributions that support 2.6.37 kernels, but as far as I know this doesn't affect CVE eligibility (please correct me if I'm wrong).Ok, I'm just asking. Please use CVE-2011-0696.
Wrong, race condition. Please use CVE-2011-0699 instead. Thanks, Eugene
EugeneOn Wed, Feb 9, 2011 at 10:20 AM, Eugene Teo<eugene () redhat com> wrote:On 02/09/2011 10:27 PM, Dan Rosenberg wrote:Commit bf5fc093c5b625e4259203f1cee7ca73488a5620 refactored btrfs_ioctl_space_info() and introduced security issues. Since they were all introduced at once and fixed at the same time, one CVE should suffice. Due to integer truncation or a signedness error in a typecasted comparison, an integer overflow in an allocation size calculation, and a failure to properly check bounds when copying data, it was possible for an unprivileged user to cause a denial-of-service due to writing to an invalid pointer (ZERO_SIZE_PTR) or cause a kernel heap overflow. -Dan [1] http://marc.info/?l=linux-kernel&m=129726078708425&w=2Commit bf5fc093c was introduced very recently - v2.6.37-rc1 Sept last year. Do we have commercially supported kernels that are affected by this? Thanks, Eugene
Current thread:
- CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Steven M. Christey (Feb 10)
- Re: CVE request: kernel: btrfs heap overflow Dan Rosenberg (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Stéphane Gaudreault (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Moritz Muehlenhoff (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Greg KH (Feb 09)
- Re: CVE request: kernel: btrfs heap overflow Eugene Teo (Feb 09)