| Summary: | Kernel: crash/DoS when built with CONFIG_UDF_FS (awaiting CVE(s)) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Kernel | Assignee: | Gentoo Kernel Security <security-kernel> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | hydrapolic, kernel |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2015/06/02/6 | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Sam James
2015-06-02 18:20:52 UTC
Additional DoS bug(s) distinct from OP.
http://www.openwall.com/lists/oss-security/2015/06/02/7

----

Hello,

Linux kernel built with the UDF file system (CONFIG_UDF_FS) support is vulnerable to a crash. It could occur while reading from a corrupted/malicious udf file system image.

An unprivileged user could use this flaw to crash the kernel resulting in DoS.

Upstream fixes:
---------------
-> https://git.kernel.org/linus/e159332b9af4b04d882dbcfe1bb0117f0a6d4b58
-> https://git.kernel.org/linus/e237ec37ec154564f8690c5bd1795339955eeef9
-> https://git.kernel.org/linus/a1d47b262952a45aae62bd49cfaf33dd76c11a2c

Thank you 'Carl H Lunde' for reporting this issue.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

----

Fix in 4.0