Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 398425 (CVE-2012-0038)

Summary: Kernel: XFS heap overflow (CVE-2012-0038)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2012/01/10/9
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-01-10 19:40:31 UTC 
From oss-security mailing list at $URL:


Commit ef14f0c1578dce4b688726eb2603e50b62d6665a introduced an integer
overflow in the ACL handling code, which could further lead to
heap-based buffer overflow via a crafted filesystem.

Upstream commits:
http://git.kernel.org/linus/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba
http://git.kernel.org/linus/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce

Both commits are needed to fix the vulnerability.

The vulnerability seems to first appear in 2.6.32-rc1.  3.2 contains
only the first commit.
Comment 1 Agostino Sarubbo gentoo-dev 2012-01-11 15:40:35 UTC 
Secunia advisory:

https://secunia.com/advisories/47488/
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:55:04 UTC 
There are no longer any 2.x or <3.1.9 kernels available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.