Bug 457858 (CVE-2008-3275) - CVE-2008-3275 Linux kernel local filesystem DoS
Summary: CVE-2008-3275 Linux kernel local filesystem DoS
Status: CLOSED ERRATA
Alias: CVE-2008-3275
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,source=vendorsec,repo...
Keywords: Security
: 457812 (view as bug list)
Depends On: 457859 457860 457861 457862 457863 457864 457865 457866
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-08-05 02:10 UTC by Eugene Teo (Security Response)
Modified: 2019-06-08 12:34 UTC (History)
7 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2010-12-23 21:47:43 UTC


Attachments (Terms of Use)
Upstream patch for this issue (2.35 KB, patch)
2008-08-05 02:13 UTC, Eugene Teo (Security Response)
no flags Details | Diff
Proposed backported patch for RHEL-4.8 (2.23 KB, patch)
2008-08-06 02:27 UTC, Eugene Teo (Security Response)
no flags Details | Diff
Proposed backported patch for RHEL-5.3 (2.27 KB, patch)
2008-08-06 02:28 UTC, Eugene Teo (Security Response)
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0787 normal SHIPPED_LIVE Important: kernel security update 2009-01-05 07:08:54 UTC
Red Hat Product Errata RHSA-2008:0857 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-10-07 19:18:59 UTC
Red Hat Product Errata RHSA-2008:0885 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-09-24 18:45:31 UTC
Red Hat Product Errata RHSA-2008:0973 normal SHIPPED_LIVE Important: kernel security and bug fix update 2008-12-17 03:18:50 UTC
Red Hat Product Errata RHSA-2009:0001 normal SHIPPED_LIVE Important: kernel security update 2009-01-08 15:47:52 UTC
Red Hat Product Errata RHSA-2009:0014 normal SHIPPED_LIVE Important: kernel security and bug fix update 2009-01-14 18:05:34 UTC

Description Eugene Teo (Security Response) 2008-08-05 02:10:17 UTC
Description of problem:
Zoltan Sogor noticed this VFS behaviour while testing UBIFS. Lookup can install a child dentry for a deleted directory. This keeps the directory dentry alive, and the inode pinned in the cache and on disk, even after all external references have gone away.

This isn't a big problem normally, since memory pressure or umount will clear out the directory dentry and its children, releasing the inode. But for UBIFS this causes problems because its orphan area can overflow.

http://lkml.org/lkml/2008/7/2/83
http://www.linux-mtd.infradead.org/doc/ubifs.html

Comment 2 Eugene Teo (Security Response) 2008-08-05 02:13:43 UTC
Created attachment 313417 [details]
Upstream patch for this issue

Comment 6 Eugene Teo (Security Response) 2008-08-06 02:27:20 UTC
Created attachment 313514 [details]
Proposed backported patch for RHEL-4.8

Comment 7 Eugene Teo (Security Response) 2008-08-06 02:28:12 UTC
Created attachment 313515 [details]
Proposed backported patch for RHEL-5.3

Comment 9 Linda Wang 2008-08-19 22:20:36 UTC
*** Bug 457812 has been marked as a duplicate of this bug. ***

Comment 12 Vincent Danen 2010-12-23 21:47:43 UTC
This was addressed via:

Red Hat Linux Advanced Workstation 2.1 (RHSA-2008:0787)
MRG Realtime for RHEL 5 Server (RHSA-2008:0857)
Red Hat Enterprise Linux version 5 (RHSA-2008:0885)
Red Hat Enterprise Linux version 3 (RHSA-2008:0973)
Red Hat Enterprise Linux version 2.1 (RHSA-2009:0001)
Red Hat Enterprise Linux version 4 (RHSA-2009:0014)


Note You need to log in before you can comment on or make changes to this bug.