Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 827863 (CVE-2021-3802) - <sys-fs/udisks-2.9.4: Denial of service (CVE-2021-3802)
Summary: <sys-fs/udisks-2.9.4: Denial of service (CVE-2021-3802)
Status: IN_PROGRESS
Alias: CVE-2021-3802
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://www.syss.de/fileadmin/dokumen...
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 828407
Blocks:
  Show dependency tree
 
Reported: 2021-11-29 23:06 UTC by Sam James
Modified: 2022-05-21 00:28 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-29 23:06:31 UTC
Description:
"Several user-accessible mount helpers use insecure defaults which allow
ext2/3/4 file systems to cause a denial of service (kernel panic) upon mounting a
crafted image.  This is especially relevant when mounts can be caused by
unprivileged users or are configured to happen automatically and completely
unauthorized."

Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt

Fixed in 2.9.4.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-20 18:27:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3a44ae812a379a33f99bd0f7f474b6e37ced1d4

commit b3a44ae812a379a33f99bd0f7f474b6e37ced1d4
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2022-05-20 18:26:56 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2022-05-20 18:27:23 +0000

    sys-fs/udisks: drop 2.9.3
    
    Bug: https://bugs.gentoo.org/827863
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 sys-fs/udisks/Manifest            |   1 -
 sys-fs/udisks/udisks-2.9.3.ebuild | 135 --------------------------------------
 2 files changed, 136 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-21 00:28:40 UTC
Thanks!