Bug 1396941 (CVE-2016-9685)
Summary: | CVE-2016-9685 kernel: Memory leaks in xfs_attr_list.c error paths | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | aquini, bhu, dhoward, fhrbata, iboverma, jkacur, joelsmith, jross, kernel-mgr, lgoncalv, matt, mcressma, nmurray, pholasek, plougher, rvrbovsk, security-response-team, vdronov, williams, wmealing |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the Linux kernel's implementation of XFS file attributes. Two memory leaks were detected in xfs_attr_shortform_list and xfs_attr3_leaf_list_int when running a docker container backed by xfs/overlay2. A dedicated attacker could possible exhaust all memory and create a denial of service situation.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:02:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1391223, 1400368 | ||
Bug Blocks: | 1396942 |
Description
Adam Mariš
2016-11-21 09:02:52 UTC
Acknowledgments: Name: Qian Cai (Red Hat) CVE assignment: http://seclists.org/oss-sec/2016/q4/545 Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1400368] Statement: This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6 and 7. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842 This issue has been addressed in the following products: Red Hat Enterprise MRG 2 Via RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669 |