Re: CVE request: kernel: tomoyo: oops in tomoyo_mount_acl()

[Eugene Teo <eugene () redhat com>]

On 06/30/2011 06:13 PM, Petr Matousek wrote:
> Description of problem:
> In tomoyo_mount_acl() since 2.6.36, kern_path() was called without
> checking dev_name != NULL. As a result, an unprivileged user can
> trigger oops by issuing mount(NULL, "/", "ext3", 0, NULL) request.
>
> Upstream fix:
> 4e78c724d47e2342aa8fde61f6b8536f662f795f

Use CVE-2011-2518.

Eugene