1481146 – (CVE-2017-10662) CVE-2017-10662 kernel: Missing sanity check for segment count in f2fs

Bug 1481146 (CVE-2017-10662) - CVE-2017-10662 kernel: Missing sanity check for segment count in f2fs

Summary: CVE-2017-10662 kernel: Missing sanity check for segment count in f2fs

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2017-10662
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1481154
TreeView+	depends on / blocked

Reported:	2017-08-14 08:35 UTC by Adam Mariš
Modified:	2021-02-17 01:43 UTC (History)
CC List:	37 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	It was found that the sanity_check_raw_super() function in 'fs/f2fs/super.c' file in the Linux kernel before version 4.12-rc1 does not validate the f2fs filesystem segment count. This allows an unprivileged local user to cause a system panic and DoS. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Clone Of:
Environment:
Last Closed:	2017-08-27 13:34:35 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2017-08-14 08:35:00 UTC

In was found that the sanity_check_raw_super() function in 'fs/f2fs/super.c' file in the Linux kernel before 4.12-rc1 does not validate the f2fs filesystem segment count, which allows an unprivileged local user to cause a system panic and DoS. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

References:

https://source.android.com/security/bulletin/2017-08-01#kernel-components

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124

Comment 3 Vladis Dronov 2017-08-27 13:34:35 UTC

Statement:

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 as the code with the flaw is not built and shipped with the products listed.

Note You need to log in before you can comment on or make changes to this bug.

agordeev
aquini
bhu
blc
dhoward
esammons
fhrbata
gansalmon
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jforbes
jkacur
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
mguzik
mlangsdo
nmurray
pholasek
plougher
rt-maint
rvrbovsk
slawomir
vdronov
williams