Gentoo Bug 234812 - Linux <2.6.26.1 tmpfs: fix kernel BUG in shmem_delete_inode (CVE-2008-3534)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	234812
Alias:
Product:
Component:
Status:	ASSIGNED
Resolution:
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 234812 depends on:			Show dependency tree Show dependency graph
Bug 234812 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as ASSIGNED
Resolve bug, changing resolution to
Resolve bug, mark it as duplicate of bug #
Reassign bug to
Reassign bug to default assignee of selected component

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-08-15 12:47 0000

CVE-2008-3534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534):
  The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in
  the Linux kernel before 2.6.26.1 allows local users to cause a denial of
  service (system crash) via a certain sequence of file create, remove, and
  overwrite operations, as demonstrated by the insserv program, related to
  allocation of "useless pages" and improper maintenance of the i_blocks count.

------- Comment #1 From Robert Buchholz 2008-08-15 12:49:45 0000 -------

Fixed in 2.6.25.14 and 2.6.26.1

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 234812

Linux <2.6.26.1 tmpfs: fix kernel BUG in shmem_delete_inode (CVE-2008-3534)

Last modified: 2008-08-15 12:51:02 0000