oss-sec mailing list archives

Re: CVE request: kernel: fs/partitions: Kernel heap overflow via corrupted LDM partition tables


From: Eugene Teo <eugene () redhat com>
Date: Fri, 03 Jun 2011 14:47:39 +0800

On 02/25/2011 04:22 AM, Josh Bressers wrote:

> ----- Original Message -----
> > On Thu, 2011-02-24 at 09:25 +0800, Eugene Teo wrote:
> > > On 02/24/2011 03:59 AM, Josh Bressers wrote:
> > > > ----- Original Message -----
> > > > >
> > > > > The kernel automatically evaluates partition tables of storage
> > > > > devices.  The code for evaluating LDM partitions (in
> > > > > fs/partitions/ldm.c) contains a bug that allows overflowing the
> > > > > kernel heap. It may be possible to escalate privileges by exploiting
> > > > > this bug.
> > > > > [...]
>
> I would still like something along the lines of a proposed patch. I believe
> you folks (as you're much brighter than me), but I still don't quite grasp
> the difference. I suspect there is enough public information for MITRE to
> publish a CVE though, so please use CVE-2011-1017.

It was reported that the fix for this is insufficient. I have assigned
CVE-2011-2182 to this. See https://lkml.org/lkml/2011/5/6/407.

Timo, can you please post the patch here once you have submitted it to
lkml for review. Thanks.

Eugene
