Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 398425 (CVE-2012-0038) - Kernel: XFS heap overflow (CVE-2012-0038)
Summary: Kernel: XFS heap overflow (CVE-2012-0038)
Status: RESOLVED FIXED
Alias: CVE-2012-0038
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-01-10 19:40 UTC by Agostino Sarubbo
Modified: 2018-04-04 17:55 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-01-10 19:40:31 UTC
From oss-security mailing list at $URL:


Commit ef14f0c1578dce4b688726eb2603e50b62d6665a introduced an integer
overflow in the ACL handling code, which could further lead to
heap-based buffer overflow via a crafted filesystem.

Upstream commits:
http://git.kernel.org/linus/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba
http://git.kernel.org/linus/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce

Both commits are needed to fix the vulnerability.

The vulnerability seems to first appear in 2.6.32-rc1.  3.2 contains
only the first commit.
Comment 1 Agostino Sarubbo gentoo-dev 2012-01-11 15:40:35 UTC
Secunia advisory:

https://secunia.com/advisories/47488/
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:55:04 UTC
There are no longer any 2.x or <3.1.9 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.