Bug 1746777 (CVE-2019-15538) - CVE-2019-15538 kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/xfs_iops.c
Summary: CVE-2019-15538 kernel: denial of service in in xfs_setattr_nonsize in fs/xfs/...
Keywords:
Status: NEW
Alias: CVE-2019-15538
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1746779
Blocks: 1746781
TreeView+ depends on / blocked
 
Reported: 2019-08-29 09:06 UTC by Dhananjay Arunesh
Modified: 2019-09-23 21:53 UTC (History)
39 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-08-29 09:06:41 UTC
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.

Reference:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee
https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee
https://lore.kernel.org/linux-xfs/20190823192433.GA8736@eldamar.local
https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/

Comment 1 Dhananjay Arunesh 2019-08-29 09:07:19 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1746779]


Note You need to log in before you can comment on or make changes to this bug.