oss-sec mailing list archives
CVE Request: Linux Kernel unbound recursion in ISOFS
From: Marcus Meissner <meissner () suse de>
Date: Tue, 26 Aug 2014 10:33:08 +0200
Hi,
From the google security research team:
https://code.google.com/p/google-security-research/issues/detail?id=88 fixed in https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 commit 410dd3cf4c9b36f27ed4542ee18b1af5e68645a4 Author: Jan Kara <jack () suse cz> Date: Sun Aug 17 11:49:57 2014 +0200 isofs: Fix unbounded recursion when processing relocated directories We did not check relocated directory in any way when processing Rock Ridge 'CL' tag. Thus a corrupted isofs image can possibly have a CL entry pointing to another CL entry leading to possibly unbounded recursion in kernel code and thus stack overflow or deadlocks (if there is a loop created from CL entries). Fix the problem by not allowing CL entry to point to a directory entry with CL entry (such use makes no good sense anyway) and by checking whether CL entry doesn't point to itself. CC: stable () vger kernel org Reported-by: Chris Evans <cevans () google com> Signed-off-by: Jan Kara <jack () suse cz> This still needs a CVE. Ciao, Marcus
Current thread:
- CVE Request: Linux Kernel unbound recursion in ISOFS Marcus Meissner (Aug 26)
- Re: CVE Request: Linux Kernel unbound recursion in ISOFS cve-assign (Aug 26)