Bug 551026 - Kernel: crash/DoS when built with CONFIG_UDF_FS (awaiting CVE(s))
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-02 18:20 UTC by Sam James
Modified: 2022-03-25 22:30 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2015-06-02 18:20:52 UTC
From above link:
----

   Hello,

Linux kernel built with the UDF file system (CONFIG_UDF_FS) support is
vulnerable to a crash. It could occur while fetching inode information from a 
corrupted/malicious udf file system image.

An unprivileged user could use this flaw to crash the kernel resulting in 
DoS.

Upstream fix:
-------------
   -> https://git.kernel.org/linus/23b133bdc452aa441fcb9b82cbf6dd05cfd342d0  


Thank you 'Carl H Lunde' for reporting this issue.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
----

Reproducible: Always
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2015-06-02 18:22:20 UTC
Additional DoS bug(s) distinct from OP.
http://www.openwall.com/lists/oss-security/2015/06/02/7

----
    Hello,

Linux kernel built with the UDF file system (CONFIG_UDF_FS) support is
vulnerable to a crash. It could occur while reading from a corrupted/malicious 
udf file system image.

An unprivileged user could use this flaw to crash the kernel resulting in DoS.

Upstream fixes:
---------------
   -> https://git.kernel.org/linus/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
   -> https://git.kernel.org/linus/e237ec37ec154564f8690c5bd1795339955eeef9
   -> https://git.kernel.org/linus/a1d47b262952a45aae62bd49cfaf33dd76c11a2c

Thank you 'Carl H Lunde' for reporting this issue.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
----
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:30:47 UTC
Fix in 4.0
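
A triage check based on the two facts in this report (the crashes need CONFIG_UDF_FS, and the fix is noted as being in 4.0), added here as an example and not part of the bug or of any Gentoo tooling. The function name `udf_exposure`, its result strings and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel against the UDF crash bugs in this report.
# Usage: udf_exposure <kernel-release> <path-to-plain-text-kernel-config>
# Result strings (hypothetical, chosen for this example):
#   not-built        CONFIG_UDF_FS is absent or "not set"
#   fixed            UDF is built and the release is 4.x or later ("Fix in 4.0")
#   review:builtin   UDF is built in (=y) on a pre-4.0 release
#   review:module    UDF is a module (=m) on a pre-4.0 release
#   unknown-version  release string has no numeric major version
udf_exposure() {
    ue_release=$1
    ue_config=$2

    # Only "=y" or "=m" means the UDF driver exists; a commented-out
    # "# CONFIG_UDF_FS is not set" line must not match.
    ue_state=$(sed -n 's/^CONFIG_UDF_FS=\([ym]\)$/\1/p' "$ue_config" | head -n 1)
    if [ -z "$ue_state" ]; then
        echo "not-built"
        return 0
    fi

    # Take the major version: everything before the first dot.
    ue_major=${ue_release%%.*}
    case $ue_major in
        ''|*[!0-9]*) echo "unknown-version"; return 0 ;;
    esac

    if [ "$ue_major" -ge 4 ]; then
        echo "fixed"
    elif [ "$ue_state" = "y" ]; then
        # Pre-4.0 kernels may still carry backported fixes, so this is
        # a prompt to check the vendor changelog, not a verdict.
        echo "review:builtin"
    else
        echo "review:module"
    fi
}

# Constructed sample input: a two-line config fragment and a made-up release.
demo_cfg=$(mktemp)
printf '%s\n' 'CONFIG_UDF_FS=m' 'CONFIG_EXT4_FS=y' > "$demo_cfg"
udf_exposure "3.18.12-gentoo" "$demo_cfg"
rm -f "$demo_cfg"
```

On a live system the inputs would typically be `uname -r` and `/boot/config-$(uname -r)`, or a decompressed copy of `/proc/config.gz` where the kernel exposes it.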