Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 273922 (CVE-2009-1961)

Summary: Kernel: <2.6.30-rc3 fs/ocfs2/file.c DOS (CVE-2009-1961)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: KernelAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: hardened-kernel+disabled, kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17
Whiteboard: [linux >=2.6.19 <2.6.27] [linux >=2.6.27 <2.6.27.24] [linux >=2.6.28 <2.6.28.9] [linux >=2.6.29 <2.6.29.4]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 21:12:28 UTC 
CVE-2009-1961 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1961):
  The inode double locking code in fs/ocfs2/file.c in the Linux kernel
  2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before
  2.6.29.4, and possibly other versions down to 2.6.19 allows local
  users to cause a denial of service (prevention of file creation and
  removal) via a series of splice system calls that trigger a deadlock
  between the generic_file_splice_write, splice_from_pipe, and
  ocfs2_file_splice_write functions.