Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 Feb 2012 09:09:26 -0700

On 02/28/2012 08:15 AM, Petr Matousek wrote:
The cifs code will attempt to open files on lookup under certain
circumstances. What happens though if we find that the file we opened
was actually a FIFO or other special file? Currently, the open
filehandle just ends up being leaked leading to a dentry refcount
mismatch and oops on umount.

An unprivileged local user could use this flaw to crash the system.

Introduced by:
a6ce4932fbdbcd8f8e8c6df76812014351c32892 (Linux kernel 2.6.31)

Proposed upstream patch:



Please use CVE-2012-1090 for this issue.

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]