oss-sec mailing list archives

CVE request: kernel: tomoyo: oops in tomoyo_mount_acl()

From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 30 Jun 2011 12:13:01 +0200

Description of problem:
In tomoyo_mount_acl() since 2.6.36, kern_path() was called without
checking dev_name != NULL. As a result, an unprivileged user can
trigger oops by issuing mount(NULL, "/", "ext3", 0, NULL) request.

Upstream fix:
4e78c724d47e2342aa8fde61f6b8536f662f795f

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE request: kernel: tomoyo: oops in tomoyo_mount_acl() Petr Matousek (Jun 30)