Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 492538 (CVE-2013-6382)

Summary: Kernel : fs: xfs: missing check for ZERO_SIZE_PTR (CVE-2013-6382)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2013-11-25 19:52:21 UTC
From ${URL} :

Linux kernel built a XFS file system support(CONFIG_XFS_FS) is vulnerable to
an invalid pointer dereference flaw.

Upstream fix:
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2013-11-27 21:56:45 UTC
CVE-2013-6382 (
  Multiple buffer underflows in the XFS implementation in the Linux kernel
  through 3.12.1 allow local users to cause a denial of service (memory
  corruption) or possibly have unspecified other impact by leveraging the
  CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2)
  XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value,
  related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the
  xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 16:43:01 UTC
Fix is upstream as 071c529eb672648ee8ca3f90944bcbcc730b4c06 and in 3.13/3.14