Bug 2003649 (CVE-2021-3802)

Summary: CVE-2021-3802 udisks2: insecure defaults in user-accessible mount helpers allow for a DoS
Product: [Other] Security Response Reporter: Marian Rehak <mrehak>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: gnome-sig, saroy, tbzatek, vtrefny
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: udisks-2.9.4 Doc Type: If docs needed, set a value
Doc Text:
A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability.
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-11 04:15:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2003650, 2004422, 2004423    
Bug Blocks: 2003653, 2017003, 2027620    

Description Marian Rehak 2021-09-13 11:48:56 UTC
Several user-accessible mount helpers use insecure defaults which allow ext2/3/4 file systems to cause a denial of service (kernel panic) upon mounting a crafted image.  This is especially relevant when mounts can be caused by unprivileged users or are configured to happen automatically and completely unauthorized.

External Reference:


Comment 1 Marian Rehak 2021-09-13 11:49:16 UTC
Created udisks2 tracking bugs for this issue:

Affects: fedora-all [bug 2003650]

Comment 7 Marian Rehak 2021-09-15 09:28:56 UTC
Copyright license of original report:

Comment 9 Tomáš Bžatek 2021-10-04 12:16:38 UTC
Fix available upstream as part of the udisks-2.9.4 release: https://github.com/storaged-project/udisks/releases/tag/udisks-2.9.4

Comment 10 errata-xmlrpc 2022-05-10 13:39:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1820 https://access.redhat.com/errata/RHSA-2022:1820

Comment 11 Product Security DevOps Team 2022-05-11 04:15:27 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):