Gentoo Bug 234812 - Linux <2.6.26.1 tmpfs: fix kernel BUG in shmem_delete_inode (CVE-2008-3534)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	234812
Alias:
Product:
Component:
Status:	ASSIGNED
Resolution:
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 234812 depends on:			Show dependency tree
Bug 234812 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as ASSIGNED
Resolve bug, changing resolution to
Resolve bug, mark it as duplicate of bug #
Reassign bug to
Reassign bug to default assignee of selected component

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-08-15 12:47 0000

CVE-2008-3534 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3534):
  The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in
  the Linux kernel before 2.6.26.1 allows local users to cause a denial of
  service (system crash) via a certain sequence of file create, remove, and
  overwrite operations, as demonstrated by the insserv program, related to
  allocation of "useless pages" and improper maintenance of the i_blocks count.

------- Comment #1 From Robert Buchholz 2008-08-15 12:49:45 0000 -------

Fixed in 2.6.25.14 and 2.6.26.1

------- Comment #2 From Kerin Millar 2009-07-20 22:46:49 0000 -------

Beware, the patch introduced an independent bug which was subsequently fixed in
2.6.25.17 and 2.6.26.4 respectively:

"fbdefio: add set_page_dirty handler to deferred IO FB"
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d847471d063663b9f36927d265c66a270c0cfaab

Anyhow, hardened-kernel unaffected at present time. Removing alias.

PS: genpatches-2.6.25-10 added 2.6.25.14. genpatches-2.6.25-3 added 2.6.26.1.

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 234812

Linux <2.6.26.1 tmpfs: fix kernel BUG in shmem_delete_inode (CVE-2008-3534)

Last modified: 2009-07-20 22:46:49 0000