oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2013-4591 -- Linux kernel: kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached

From: Petr Matousek <pmatouse () redhat com>
Date: Mon, 18 Nov 2013 15:46:49 +0100
Commit 1f1ea6c ccidently dropped the checking for too small result
buffer length.
   
If someone uses getxattr on "system.nfs4_acl" on an NFSv4 mount
supporting ACLs, the ACL has not been cached and the buffer suplied is
too short, we still copy the complete ACL, resulting in kernel and user
space memory corruption.

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f1ea6c2d9d8c0be9ec56454b05315273b5de8ce

Upstream commit:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d3e91a89b7adbc2831334def9e494dd9892f9af

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1031678

-- 
Petr Matousek / Red Hat Security Response Team
PGP: 0xC44977CA 8107 AF16 A416 F9AF 18F3  D874 3E78 6F42 C449 77CA

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: