Bug 1399711 (CVE-2015-8961) - CVE-2015-8961 kernel: Use after free in __ext4_journal_stop
Summary: CVE-2015-8961 kernel: Use after free in __ext4_journal_stop
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-8961
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1395238
TreeView+ depends on / blocked
 
Reported: 2016-11-29 15:28 UTC by Adam Mariš
Modified: 2021-02-17 02:58 UTC (History)
36 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the ext4 subsystem. This vulnerability is a use after free vulnerability was found in __ext4_journal_stop(). Attackers could abuse this to allow any code which attempts to deal with the journal failure to be mishandled or not fail at all. This could lead to data corruption or crashes.
Clone Of:
Environment:
Last Closed: 2017-02-09 13:22:59 UTC
Embargoed:


Attachments (Terms of Use)

Description Adam Mariš 2016-11-29 15:28:50 UTC
A flaw was found in the ext4 subsystem.  This vulnerability is a use after free vulnerability was found in __ext4_journal_stop() introduced by commit 9705acd63b125dee8b15c705216d7186daea4625.

Attackers could abuse this to allow any code which attempts to deal with the journal failure, to be mishandled or not a failure at all.  This could lead to data corruption or crashes.

Upstream patch:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b


Reference:

https://source.android.com/security/bulletin/2016-11-01.html#eop-in-kernel-file-system

Comment 1 Wade Mealing 2016-12-02 04:00:26 UTC
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x. This issue has been rated as having moderate security impact.


Note You need to log in before you can comment on or make changes to this bug.