Red Hat Bugzilla – Bug 457858
CVE-2008-3275 Linux kernel local filesystem DoS
Last modified: 2010-12-23 16:47:43 EST
Description of problem: Zoltan Sogor noticed this VFS behaviour while testing UBIFS. Lookup can install a child dentry for a deleted directory. This keeps the directory dentry alive, and the inode pinned in the cache and on disk, even after all external references have gone away. This isn't a big problem normally, since memory pressure or umount will clear out the directory dentry and its children, releasing the inode. But for UBIFS this causes problems because its orphan area can overflow. http://lkml.org/lkml/2008/7/2/83 http://www.linux-mtd.infradead.org/doc/ubifs.html
Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d70b67c8bc72ee23b55381bd6a884f4796692f77
Created attachment 313417 [details] Upstream patch for this issue
Created attachment 313514 [details] Proposed backported patch for RHEL-4.8
Created attachment 313515 [details] Proposed backported patch for RHEL-5.3
*** Bug 457812 has been marked as a duplicate of this bug. ***
This was addressed via: Red Hat Linux Advanced Workstation 2.1 (RHSA-2008:0787) MRG Realtime for RHEL 5 Server (RHSA-2008:0857) Red Hat Enterprise Linux version 5 (RHSA-2008:0885) Red Hat Enterprise Linux version 3 (RHSA-2008:0973) Red Hat Enterprise Linux version 2.1 (RHSA-2009:0001) Red Hat Enterprise Linux version 4 (RHSA-2009:0014)