Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 492538 (CVE-2013-6382)

Summary: Kernel : fs: xfs: missing check for ZERO_SIZE_PTR (CVE-2013-6382)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: CONFIRMED ---    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1033603
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-11-25 19:52:21 UTC
From ${URL} :

Linux kernel built a XFS file system support(CONFIG_XFS_FS) is vulnerable to
an invalid pointer dereference flaw.

Upstream fix:
-------------
 -> http://www.spinics.net/lists/xfs/msg23343.html
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-11-27 21:56:45 UTC
CVE-2013-6382 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6382):
  Multiple buffer underflows in the XFS implementation in the Linux kernel
  through 3.12.1 allow local users to cause a denial of service (memory
  corruption) or possibly have unspecified other impact by leveraging the
  CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2)
  XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value,
  related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the
  xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.