
oss-sec mailing list archives

CVE request - Linux kernel: VFAT slab-based buffer overflow
From: "Joshua J. Drake" <oss-sec-vfat () qoop org>
Date: Tue, 26 Feb 2013 11:56:02 -0600


I'd like to request a CVE for an issue leading to a buffer overflow of
a slab allocated buffer in the VFAT file system code. The issue
manifests when converting UTF8 characters to UTF16 inside the
"utf8s_to_utf16s" function. Reaching this code requires writing to a
VFAT partition that has been mounted with the "utf8" option. Ubuntu
10.04 mounts USB sticks with this option by default. Most Android
devices mount eMMC/SD cards/etc with this option.

The issue affects kernels prior to 3.2. Many Android devices remain
affected today.

I'm not entirely sure when the issue was introduced at this moment. It
appears to have been introduced here:

The issue was fixed here:

The issue was partially disclosed here (this spurred my investigation):

Props to G13 for finding it. It's pretty disappointing that
Google/Android security teams (and of course Linux maintainers) didn't
responsibly disclose the issue so other Linux kernel packagers could
package a fix.

If anyone wishes to contact me off-list with questions or concerns,
feel free. 


Joshua J. Drake
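
To illustrate the bug class the message above describes, here is an added example (not part of the original post, and not the kernel's code): a UTF-8 to UTF-16 converter that takes the destination capacity and refuses to write past it. The name `utf8_to_utf16_bounded` and its -1 error convention are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not the kernel's utf8s_to_utf16s(). Decodes UTF-8 from
 * src[0..len) into out[0..cap) and returns the number of UTF-16 units written,
 * or -1 if the input is malformed or the output would not fit. */
long utf8_to_utf16_bounded(const uint8_t *src, size_t len,
                           uint16_t *out, size_t cap)
{
    size_t i = 0, o = 0;

    while (i < len) {
        uint32_t cp;
        size_t need;                      /* continuation bytes expected */
        uint8_t b = src[i++];

        if (b < 0x80)                { cp = b;        need = 0; }
        else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; need = 1; }
        else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; need = 2; }
        else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; need = 3; }
        else return -1;                   /* stray continuation or bad lead */

        if (need > len - i)
            return -1;                    /* truncated sequence */
        for (size_t k = 0; k < need; k++) {
            if ((src[i] & 0xC0) != 0x80)
                return -1;
            cp = (cp << 6) | (src[i++] & 0x3F);
        }
        /* Reject overlong forms, surrogates and out-of-range values. */
        static const uint32_t min_cp[4] = { 0, 0x80, 0x800, 0x10000 };
        if (cp < min_cp[need] || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return -1;

        /* The check that matters: units needed vs. units left in out[]. */
        size_t units = (cp >= 0x10000) ? 2 : 1;
        if (units > cap - o)
            return -1;
        if (units == 2) {
            cp -= 0x10000;
            out[o++] = (uint16_t)(0xD800 | (cp >> 10));
            out[o++] = (uint16_t)(0xDC00 | (cp & 0x3FF));
        } else {
            out[o++] = (uint16_t)cp;
        }
    }
    return (long)o;
}
```

Callers pass the element count of the destination, not its size in bytes, and treat -1 as a hard failure rather than using a partially filled buffer.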
