oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: Re: [oss-security] CVE request: kernel: btrfs heap

Re: [oss-security] CVE request: kernel: btrfs heap overflow

From: Stéphane Gaudreault <stephane_at_nospam>
Date: Wed Feb 09 2011 - 16:27:13 GMT
To: oss-security@lists.openwall.com

ArchLinux support 2.6.37, although it is not commercial.

Stéphane

Le 9 février 2011 10:49:35, Dan Rosenberg a écrit :
> I'm not aware of any distributions that support 2.6.37 kernels, but as
> far as I know this doesn't affect CVE eligibility (please correct me
> if I'm wrong).
>
> -Dan
>
> On Wed, Feb 9, 2011 at 10:20 AM, Eugene Teo <eugene@redhat.com> wrote:
> > On 02/09/2011 10:27 PM, Dan Rosenberg wrote:
> >> Commit bf5fc093c5b625e4259203f1cee7ca73488a5620 refactored
> >> btrfs_ioctl_space_info() and introduced security issues. Since they
> >> were all introduced at once and fixed at the same time, one CVE should
> >> suffice.
> >>
> >> Due to integer truncation or a signedness error in a typecasted
> >> comparison, an integer overflow in an allocation size calculation, and
> >> a failure to properly check bounds when copying data, it was possible
> >> for an unprivileged user to cause a denial-of-service due to writing
> >> to an invalid pointer (ZERO_SIZE_PTR) or cause a kernel heap overflow.
> >>
> >> -Dan
> >>
> >> [1] http://marc.info/?l=linux-kernel&m=129726078708425&w=2
> >
> > Commit bf5fc093c was introduced very recently - v2.6.37-rc1 Sept last
> > year. Do we have commercially supported kernels that are affected by
> > this?
> >
> > Thanks, Eugene