Bug 457858 - (CVE-2008-3275) CVE-2008-3275 Linux kernel local filesystem DoS
CVE-2008-3275 Linux kernel local filesystem DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,source=vendorsec,repo...
: Security
: 457812 (view as bug list)
Depends On: 457859 457860 457861 457862 457863 457864 457865 457866
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-04 22:10 EDT by Eugene Teo (Security Response)
Modified: 2010-12-23 16:47 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-23 16:47:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch for this issue (2.35 KB, patch)
2008-08-04 22:13 EDT, Eugene Teo (Security Response)
no flags Details | Diff
Proposed backported patch for RHEL-4.8 (2.23 KB, patch)
2008-08-05 22:27 EDT, Eugene Teo (Security Response)
no flags Details | Diff
Proposed backported patch for RHEL-5.3 (2.27 KB, patch)
2008-08-05 22:28 EDT, Eugene Teo (Security Response)
no flags Details | Diff

  None (edit)
Description Eugene Teo (Security Response) 2008-08-04 22:10:17 EDT
Description of problem:
Zoltan Sogor noticed this VFS behaviour while testing UBIFS. Lookup can install a child dentry for a deleted directory. This keeps the directory dentry alive, and the inode pinned in the cache and on disk, even after all external references have gone away.

This isn't a big problem normally, since memory pressure or umount will clear out the directory dentry and its children, releasing the inode. But for UBIFS this causes problems because its orphan area can overflow.

http://lkml.org/lkml/2008/7/2/83
http://www.linux-mtd.infradead.org/doc/ubifs.html
Comment 2 Eugene Teo (Security Response) 2008-08-04 22:13:43 EDT
Created attachment 313417 [details]
Upstream patch for this issue
Comment 6 Eugene Teo (Security Response) 2008-08-05 22:27:20 EDT
Created attachment 313514 [details]
Proposed backported patch for RHEL-4.8
Comment 7 Eugene Teo (Security Response) 2008-08-05 22:28:12 EDT
Created attachment 313515 [details]
Proposed backported patch for RHEL-5.3
Comment 9 Linda Wang 2008-08-19 18:20:36 EDT
*** Bug 457812 has been marked as a duplicate of this bug. ***
Comment 12 Vincent Danen 2010-12-23 16:47:43 EST
This was addressed via:

Red Hat Linux Advanced Workstation 2.1 (RHSA-2008:0787)
MRG Realtime for RHEL 5 Server (RHSA-2008:0857)
Red Hat Enterprise Linux version 5 (RHSA-2008:0885)
Red Hat Enterprise Linux version 3 (RHSA-2008:0973)
Red Hat Enterprise Linux version 2.1 (RHSA-2009:0001)
Red Hat Enterprise Linux version 4 (RHSA-2009:0014)

Note You need to log in before you can comment on or make changes to this bug.