Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request -- kernel: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 8 Sep 2011 18:17:26 +0200

FUSE_NOTIFY_INVAL_ENTRY didn't check the length of the write so the
message processing could overrun and result in a BUG_ON() in
fuse_copy_fill().

User able to mount FUSE filesystems can use this flaw to crash the
system.

References:
http://permalink.gmane.org/gmane.linux.kernel.commits.head/313266
http://sourceforge.net/mailarchive/forum.php?thread_name=87liut4i7w.fsf%40tucsk.pomaz.szeredi.hu&forum_name=fuse-devel

Upstream fix:
c2183d1e9b3f313dd8ba2b1b0197c8d9fb86a7ae

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]