Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read

[Andreas Stieger <astieger () suse com>]

Hello,


On 02/03/2017 12:29 PM, John Haxby wrote:
> On 03/02/17 05:52, Wade Mealing wrote:
> > Mounting a crafted EXT4 image read-only leads to a memory corruption and
> > SLAB-Out-of-Bounds Reads (according to KASAN).  Since the mounting
> > procedure is a privileged operation, an attacker is probably not able
> > to trigger this vulnerability on the commandline.
> > Instead the automatic mounting feature of the GUI via a crafted
> > USB-device is required.
> >
> > From full disclosure at:
> >
> > http://seclists.org/fulldisclosure/2016/Nov/75
> >
> > If it has been assigned elsewhere, I am unable to see it.
> The bugzilla link from the above isn't accessible.  Are we missing any
> useful information?


https://bugzilla.suse.com/show_bug.cgi?id=1023377#c1

RH: https://bugzilla.redhat.com/show_bug.cgi?id=1395190
ML: http://www.spinics.net/lists/linux-ext4/msg54572.html

Introduced in:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=952fc18ef9ec707ebdc16c0786ec360295e5ff15
(first in v3.6-rc1...)

Fix:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe
(first in v4.10-rc1)


Andreas

-- 
Andreas Stieger <astieger () suse com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

Attachment: signature.asc
Description: OpenPGP digital signature