457858 – (CVE-2008-3275) CVE-2008-3275 Linux kernel local filesystem DoS

Bug 457858 (CVE-2008-3275) - CVE-2008-3275 Linux kernel local filesystem DoS

Summary: CVE-2008-3275 Linux kernel local filesystem DoS

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2008-3275
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	457812 (view as bug list)
Depends On:	457859 457860 457861 457862 457863 457864 457865 457866
Blocks:
TreeView+	depends on / blocked

Reported:	2008-08-05 02:10 UTC by Eugene Teo (Security Response)
Modified:	2019-09-29 12:26 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-23 21:47:43 UTC
Embargoed:

Attachments	(Terms of Use)
Upstream patch for this issue (2.35 KB, patch) 2008-08-05 02:13 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
Proposed backported patch for RHEL-4.8 (2.23 KB, patch) 2008-08-06 02:27 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
Proposed backported patch for RHEL-5.3 (2.27 KB, patch) 2008-08-06 02:28 UTC, Eugene Teo (Security Response)	no flags	Details \| Diff
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2008:0787	normal	SHIPPED_LIVE	Important: kernel security update	2009-01-05 07:08:54 UTC
Red Hat Product Errata	RHSA-2008:0857	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-10-07 19:18:59 UTC
Red Hat Product Errata	RHSA-2008:0885	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-09-24 18:45:31 UTC
Red Hat Product Errata	RHSA-2008:0973	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2008-12-17 03:18:50 UTC
Red Hat Product Errata	RHSA-2009:0001	normal	SHIPPED_LIVE	Important: kernel security update	2009-01-08 15:47:52 UTC
Red Hat Product Errata	RHSA-2009:0014	normal	SHIPPED_LIVE	Important: kernel security and bug fix update	2009-01-14 18:05:34 UTC

Description Eugene Teo (Security Response) 2008-08-05 02:10:17 UTC

Description of problem:
Zoltan Sogor noticed this VFS behaviour while testing UBIFS. Lookup can install a child dentry for a deleted directory. This keeps the directory dentry alive, and the inode pinned in the cache and on disk, even after all external references have gone away.

This isn't a big problem normally, since memory pressure or umount will clear out the directory dentry and its children, releasing the inode. But for UBIFS this causes problems because its orphan area can overflow.

http://lkml.org/lkml/2008/7/2/83
http://www.linux-mtd.infradead.org/doc/ubifs.html

Comment 1 Eugene Teo (Security Response) 2008-08-05 02:12:42 UTC

Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d70b67c8bc72ee23b55381bd6a884f4796692f77

Comment 2 Eugene Teo (Security Response) 2008-08-05 02:13:43 UTC

Created attachment 313417 [details]
Upstream patch for this issue

Comment 6 Eugene Teo (Security Response) 2008-08-06 02:27:20 UTC

Created attachment 313514 [details]
Proposed backported patch for RHEL-4.8

Comment 7 Eugene Teo (Security Response) 2008-08-06 02:28:12 UTC

Created attachment 313515 [details]
Proposed backported patch for RHEL-5.3

Comment 9 Linda Wang 2008-08-19 22:20:36 UTC

*** Bug 457812 has been marked as a duplicate of this bug. ***

Comment 12 Vincent Danen 2010-12-23 21:47:43 UTC

This was addressed via:

Red Hat Linux Advanced Workstation 2.1 (RHSA-2008:0787)
MRG Realtime for RHEL 5 Server (RHSA-2008:0857)
Red Hat Enterprise Linux version 5 (RHSA-2008:0885)
Red Hat Enterprise Linux version 3 (RHSA-2008:0973)
Red Hat Enterprise Linux version 2.1 (RHSA-2009:0001)
Red Hat Enterprise Linux version 4 (RHSA-2009:0014)

Note You need to log in before you can comment on or make changes to this bug.