oss-sec mailing list archives

Re: CVE Request -- kernel: ext4: ext4_ext_insert_extent() kernel oops


From: Eugene Teo <eugene () redhat com>
Date: Mon, 24 Oct 2011 15:56:44 +0800

On 10/21/2011 09:24 PM, Petr Matousek wrote:
> A flaw was found in the way splitting two extents in
> ext4_ext_convert_to_initialized() worked. Although ex has been updated
> in memory, it is not dirtied both in ext4_ext_convert_to_initialized()
> and ext4_ext_insert_extent(). The disk layout is corrupted. Then it
> will meet with a BUG_ON() when writing at the start of that extent
> again.
>
> Local unprivileged users can use this flaw to crash the system when ext4
> filesystem is in use.
>
> Introduced in:
> 56055d3ae4cc7fa6d2b10885f20269de8a989ed7
>
> Upstream fix:
> 667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
>
> Credits:
> Zheng Liu
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=747942
>
> Thanks,

Use CVE-2011-3638.

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team
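
A simplified user-space model of the failure mode described in the quoted report, added here as an illustration; it is not ext4 code and not part of the thread. The two-block layout, the per-block dirty flag and all function names are assumptions of the model.

```c
#include <stdio.h>
/* Toy model, not ext4 code: two metadata blocks, each with its own dirty flag. */
struct extent { unsigned start, len; };
struct block  { struct extent ex; int used; int dirty; };

static struct block cache[2];   /* in-memory copies */
static struct block disk[2];    /* persisted copies */

/* Only blocks marked dirty reach the disk. */
static void writeback(void) {
    for (int i = 0; i < 2; i++)
        if (cache[i].dirty) { disk[i] = cache[i]; disk[i].dirty = 0; cache[i].dirty = 0; }
}

/* Drop the cached copies and re-read them from disk. */
static void reload(void) { for (int i = 0; i < 2; i++) cache[i] = disk[i]; }

/* Split block 0's extent at `at`; mark_head_dirty == 0 models the missing dirtying step. */
static void split(unsigned at, int mark_head_dirty) {
    struct extent *ex = &cache[0].ex;
    unsigned end = ex->start + ex->len;
    ex->len = at - ex->start;                    /* head shortened in memory */
    if (mark_head_dirty) cache[0].dirty = 1;
    cache[1].ex = (struct extent){ at, end - at }; /* tail stored in another block */
    cache[1].used = cache[1].dirty = 1;
}

/* Consistency check, the model's stand-in for a BUG_ON(): 1 if the extents overlap. */
static int overlaps(void) {
    return cache[0].used && cache[1].used &&
           cache[0].ex.start + cache[0].ex.len > cache[1].ex.start;
}

/* Returns 1 if the reloaded layout is corrupted after split + writeback. */
int run_scenario(int mark_head_dirty) {
    struct block init = { { 0, 100 }, 1, 0 }, empty = { { 0, 0 }, 0, 0 };
    cache[0] = disk[0] = init;      /* constructed sample: one extent [0,100) */
    cache[1] = disk[1] = empty;
    split(40, mark_head_dirty);
    writeback();
    reload();
    return overlaps();
}

int main(void) {
    printf("head not dirtied: overlap=%d\n", run_scenario(0));
    printf("head dirtied:     overlap=%d\n", run_scenario(1));
}
```

In the model, the in-memory state is consistent right after the split in both runs; the overlap only appears once the stale head extent is read back from disk.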

