oss-sec mailing list archives

Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors

From: Vladis Dronov <vdronov () redhat com>
Date: Wed, 18 Oct 2017 08:21:11 -0400 (EDT)

Hello,

A patch fixing this issue was accepted upstream:

commit 95d78c28b5a85bacbc29b8dba7c04babb9b0d467 fix unbalanced page refcounting in bio_map_user_iov

I would also consider next 2 related patches if backporting:

commit 2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058 more bio_map_user_iov() leak fixes
commit 1cfd0ddd82232804e03f3023f6a58b50dfef0574 bio_copy_user_iov(): don't ignore ->iov_offset #v4.5+

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer

Current thread:

CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 10)
- Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 17)
- Re: CVE-2017-12190: Linux kernel: block: memory leak when merging small consecutive buffers in SCSI IO vectors Vladis Dronov (Oct 18)