Re: [oss-security] CVE request: kernel: btrfs heap overflow

I'm not aware of any distributions that support 2.6.37 kernels, but as
far as I know this doesn't affect CVE eligibility (please correct me
if I'm wrong).

-Dan

On Wed, Feb 9, 2011 at 10:20 AM, Eugene Teo <eugene@redhat.com> wrote:
> On 02/09/2011 10:27 PM, Dan Rosenberg wrote:
>>
>> Commit bf5fc093c5b625e4259203f1cee7ca73488a5620 refactored
>> btrfs_ioctl_space_info() and introduced security issues.  Since they
>> were all introduced at once and fixed at the same time, one CVE should
>> suffice.
>>
>> Due to integer truncation or a signedness error in a typecasted
>> comparison, an integer overflow in an allocation size calculation, and
>> a failure to properly check bounds when copying data, it was possible
>> for an unprivileged user to cause a denial-of-service due to writing
>> to an invalid pointer (ZERO_SIZE_PTR) or cause a kernel heap overflow.
>>
>> -Dan
>>
>> [1] http://marc.info/?l=linux-kernel&m=129726078708425&w=2
>
> Commit bf5fc093c was introduced very recently - v2.6.37-rc1 Sept last year.
> Do we have commercially supported kernels that are affected by this?
>
> Thanks, Eugene
>

• This message: [ Message body ]
• Next message: Josh Bressers: "[oss-security] Django multiple flaws (CVEs inside)"
• Previous message: Josh Bressers: "Re: [oss-security] CVE assignments for Wireshark"
• In reply to: Eugene Teo: "Re: [oss-security] CVE request: kernel: btrfs heap overflow"
• Next in thread: Eugene Teo: "Re: [oss-security] CVE request: kernel: btrfs heap overflow"
• Reply: Eugene Teo: "Re: [oss-security] CVE request: kernel: btrfs heap overflow"
• Reply: Stéphane Gaudreault: "Re: [oss-security] CVE request: kernel: btrfs heap overflow"
• Reply: Moritz Muehlenhoff: "Re: [oss-security] CVE request: kernel: btrfs heap overflow"
• Reply: Greg KH: "Re: [oss-security] CVE request: kernel: btrfs heap overflow"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]