oss-sec mailing list archives

CVE Request: Linux Kernel unbound recursion in ISOFS


From: Marcus Meissner <meissner () suse de>
Date: Tue, 26 Aug 2014 10:33:08 +0200

Hi,

From the Google security research team:
https://code.google.com/p/google-security-research/issues/detail?id=88

fixed in
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
Author: Jan Kara <jack () suse cz>
Date:   Sun Aug 17 11:49:57 2014 +0200

    isofs: Fix unbounded recursion when processing relocated directories

    We did not check relocated directory in any way when processing Rock
    Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL
    entry pointing to another CL entry leading to possibly unbounded
    recursion in kernel code and thus stack overflow or deadlocks (if there
    is a loop created from CL entries).

    Fix the problem by not allowing CL entry to point to a directory entry
    with CL entry (such use makes no good sense anyway) and by checking
    whether CL entry doesn't point to itself.

    CC: stable () vger kernel org
    Reported-by: Chris Evans <cevans () google com>
    Signed-off-by: Jan Kara <jack () suse cz>

This still needs a CVE.

Ciao, Marcus
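
Added example, not part of the original message and not the kernel's code: a userspace C model of the two checks the commit message describes, resolving a 'CL' relocation in one step with no recursion. The `dir_rec` table, `resolve_relocation`, the return codes and the sample records are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model (assumption, not the isofs on-disk layout): a directory
 * record is a table index; has_cl/cl_target stand in for a Rock Ridge 'CL'
 * entry that names the location of the relocated directory. */
struct dir_rec {
    int has_cl;        /* record carries a CL entry */
    size_t cl_target;  /* record the CL entry points to */
};
enum { RELOC_NONE = 0, RELOC_OK = 1, RELOC_CORRUPT = -1 };

/* Constructed sample table, as a corrupted image might describe it. */
const struct dir_rec sample[] = {
    {0, 0},   /* 0: ordinary directory */
    {1, 0},   /* 1: CL -> 0, a valid relocation */
    {1, 2},   /* 2: CL -> itself */
    {1, 4},   /* 3: CL -> 4, which also carries CL */
    {1, 3},   /* 4: CL -> 3, closing a loop */
    {1, 99},  /* 5: CL -> outside the table */
};
const size_t sample_len = sizeof(sample) / sizeof(sample[0]);

/* Follow at most one relocation, with no recursion. */
int resolve_relocation(const struct dir_rec *tab, size_t n, size_t cur, size_t *out)
{
    if (cur >= n)
        return RELOC_CORRUPT;
    if (!tab[cur].has_cl) {
        *out = cur;
        return RELOC_NONE;
    }
    size_t tgt = tab[cur].cl_target;
    if (tgt >= n)               /* bounds check required by this model */
        return RELOC_CORRUPT;
    if (tgt == cur)             /* CL entry points to itself */
        return RELOC_CORRUPT;
    if (tab[tgt].has_cl)        /* CL entry points to a record with CL */
        return RELOC_CORRUPT;
    *out = tgt;
    return RELOC_OK;
}

int main(void)
{
    size_t out = 0;
    for (size_t i = 0; i < sample_len; i++)
        printf("record %zu: rc=%d\n", i, resolve_relocation(sample, sample_len, i, &out));
    return 0;
}
```

Because a target that itself carries CL is rejected, the resolver never needs to follow a second relocation, so the 3 -> 4 -> 3 loop in the sample is refused at the first step rather than walked.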

