Bug 1481146 (CVE-2017-10662) - CVE-2017-10662 kernel: Missing sanity check for segment count in f2fs
Summary: CVE-2017-10662 kernel: Missing sanity check for segment count in f2fs
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-10662
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20170502,reported=2...
Depends On:
Blocks: 1481154
TreeView+ depends on / blocked
 
Reported: 2017-08-14 08:35 UTC by Adam Mariš
Modified: 2019-06-08 22:13 UTC (History)
37 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
It was found that the sanity_check_raw_super() function in 'fs/f2fs/super.c' file in the Linux kernel before version 4.12-rc1 does not validate the f2fs filesystem segment count. This allows an unprivileged local user to cause a system panic and DoS. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Clone Of:
Environment:
Last Closed: 2017-08-27 13:34:35 UTC


Attachments (Terms of Use)

Description Adam Mariš 2017-08-14 08:35:00 UTC
In was found that the sanity_check_raw_super() function in 'fs/f2fs/super.c' file in the Linux kernel before 4.12-rc1 does not validate the f2fs filesystem segment count, which allows an unprivileged local user to cause a system panic and DoS. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

References:

https://source.android.com/security/bulletin/2017-08-01#kernel-components

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124

Comment 3 Vladis Dronov 2017-08-27 13:34:35 UTC
Statement:

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 as the code with the flaw is not built and shipped with the products listed.


Note You need to log in before you can comment on or make changes to this bug.