oss-sec mailing list archives

CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem

From: Vladis Dronov <vdronov () redhat com>
Date: Mon, 23 Nov 2015 06:15:57 -0500 (EST)

Hello,
If possible, we would like to obtain a CVE-ID for the following security issue.

It was reported that there are some exit paths in ext4_fill_super() which result
in destruction of workqueue which is not yet initialized, leading to kernel NULL
pointer dereference. A privileged user with permission to mount a filesystem or
anybody having physical access to the system's USB port and prepared filesystem
on USB disk which will be automatically mounted can cause system panic and thus
DoS.

References:

https://bugs.openvz.org/browse/OVZ-6541 - initial public disclosure

https://bugzilla.redhat.com/show_bug.cgi?id=1267261 - red hat public bug

commit 744692dc059845b2a3022119871846e74d4f6e11 - upstream Linux kernel commit
which fixes the issue (only part of the commit is related).

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Current thread:

CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Vladis Dronov (Nov 13)
- Re: CVE request -- [media] usbvision: usbvision_probe() can trigger a kernel NULL pointer dereference Vladis Dronov (Nov 13)
- CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem Vladis Dronov (Nov 23)
  - Re: CVE request -- linux kernel: Null pointer dereference when mounting ext4 filesystem cve-assign (Nov 23)