oss-sec mailing list archives

Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file

From: Josh Bressers <bressers () redhat com>
Date: Fri, 15 Jul 2011 13:05:08 -0400 (EDT)

Please use CVE-2011-2695.

Thanks.

-- 
    JB


----- Original Message -----

If an extent exists which includes the block right before the maximum
file offset, and the block for the maximum file offset is written,
the kernel panics. For 4KB block size, the problem only occurs on
x86_64 architecture. For 1KB or 2KB block size, the problem occurs on
both i386 and x86_64.

Local unprivileged users can use this flaw to crash the system when
ext4
filesystem is in use.

Upstream fix:
f17722f917b2f21497deb6edc62fb1683daa08e6

References:
https://bugzilla.redhat.com/show_bug.cgi?id=722557
http://www.spinics.net/lists/linux-ext4/msg25697.html

Thanks,
--
Petr Matousek / Red Hat Security Response Team

Current thread:

CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Petr Matousek (Jul 15)
- Re: CVE Request -- kernel: ext4: kernel panic when writing data to the last block of sparse file Josh Bressers (Jul 15)