oss-sec mailing list archives
CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation.
From: Wade Mealing <wmealing () redhat com>
Date: Thu, 15 Aug 2019 13:37:57 +1000
Red Hats kernel has a flaw in overlayfs which can cause a kernel panic and possibly memory corruption. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. The ovl_create function can return a positive number leading to a null pointer derference of path in may_open. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a Denial Of Service (DOS) and possibly other memory corruption. The memory corruption claim may be a bit of a stretch, but it could be possible that an attacker could pre-groom the memory where the null pointer dereference exists, but I couldn't get this to work in practice, YMMV. This flaw likely only affects Red Hat Enterprise Linux 7 based products as this issue was created by by human-error in the back-porting process. It is very unlikely that non Red Hat Enterprise Linux derived distributions contain this flaw. Thanks, Wade Mealing Red Hat Product Security Red Hat bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10140 Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=1535840
Current thread:
- CVE-2019-10140 - linux kernel - system panic in overlayfs directory creation. Wade Mealing (Aug 14)