oss-sec mailing list archives
CVE request - Linux kernel: VFAT slab-based buffer overflow
From: "Joshua J. Drake" <oss-sec-vfat () qoop org>
Date: Tue, 26 Feb 2013 11:56:02 -0600
All, I'd like to request a CVE for an issue leading to a buffer overflow of a slab allocated buffer in the VFAT file system code. The issue manifests when converting UTF8 characters to UTF16 inside the "utf8s_to_utf16s" function. Reaching this code requires writing to a VFAT partition that has been mounted with the "utf8" option. Ubuntu 10.04 mounts USB sticks with this option by default. Most Android devices mount eMMC/SD cards/etc with this option. The issue affects kernels prior to 3.2. Many Android devices remain affected today. I'm not entirely sure when the issue was introduced at this moment. It appears to have been introduced here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=74675a58507e769beee7d949dbed788af3c4139d The issue was fixed here: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commitdiff;h=0720a06a7518c9d0c0125bd5d1f3b6264c55c3dd The issue was partially disclosed here (this spurred my investigation): http://www.exploit-db.com/exploits/23248/ Props to G13 for finding it. It's pretty disappointing that Google/Android security teams (and of course Linux maintainers) didn't responsibly disclose the issue so other Linux kernel packagers could package a fix. If anyone wishes to contact me off-list with questions or concerns, feel free. Thanks, Joshua J. Drake jduck
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request - Linux kernel: VFAT slab-based buffer overflow Joshua J. Drake (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Henri Salo (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Michael Gilbert (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)