Bug 1611785 – CVE-2018-10924 glusterfs: Denial-of-service via fsync(2) in Gluster FUSE client

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1611785 - (CVE-2018-10924) CVE-2018-10924 glusterfs: Denial-of-service via fsync(2) in Gluster FUSE client

Summary:	CVE-2018-10924 glusterfs: Denial-of-service via fsync(2) in Gluster FUSE client

Status:	CLOSED NOTABUG

Aliases:	CVE-2018-10924

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=moderate,public=20180904:0530,...
Keywords:	Security

Depends On:	1625081 1625078
Blocks:	1611787
	Show dependency tree / graph

Reported:	2018-08-02 13:58 EDT by Laura Pardo
Modified:	2018-09-11 03:36 EDT (History)
CC List:	30 users (show)

See Also:
Fixed In Version:	glusterfs-3.12.14, glusterfs-4.1.4
Doc Type:	If docs needed, set a value
Doc Text:	It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2018-09-04 05:07:08 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Laura Pardo 2018-08-02 13:58:52 EDT

A flaw was found in Gluster 3.12.11 and 3.12.12 FUSE client. The fsync(2) system call appears to directly or indirectly leak memory in "gf_common_mt_memdup" and "gf_common_mt_char" functions. An attacker could exploit this vulnerablity to perform a Denial of Service attack.

Comment 1 Laura Pardo 2018-08-02 13:59:04 EDT

Acknowledgments:

Name: Michael Hanselmann (hansmi.ch)

Comment 2 Doran Moppert 2018-08-15 22:06:21 EDT

This memory leak does not appear to be reproducible on glusterfs-3.8.x.  The FUSE interface changed significantly between 3.8 and 3.12.

Comment 4 Siddharth Sharma 2018-09-04 01:43:53 EDT

Created glusterfs tracking bugs for this issue:

Affects: fedora-all [bug 1625078]

Comment 6 Siddharth Sharma 2018-09-04 05:07:08 EDT

upstream fix:

https://review.gluster.org/20723

Comment 7 Siddharth Sharma 2018-09-04 09:34:57 EDT

Statement:

This issue did not affect the versions of glusterfs as shipped with Red Hat Enterprise Linux 6 and 7, and Red Hat Gluster Storage 3.

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
anoopcs
atumball
bmcclain
dbaker
dblechte
dfediuck
eedri
humble.devassy
jokerman
jonathansteffan
kkeithle
matthias
mgoldboi
michal.skrivanek
ndevos
public
ramkrsna
rhs-bugs
sankarshan
sbonazzo
security-response-team
sherold
sisharma
smohan
ssaha
sthangav
trankin
vbellur
ylavi