A vulnerability was found in the Linux kernel's implementation of overlayfs. An attacker with local access can create a denial of service situation via a NULL pointer dereference in the ovl_posix_acl_create function in fs/overlayfs/dir.c. The ovl_create function can return a positive number, leading to a NULL pointer dereference of path in may_open. This can allow attackers with the ability to create directories on overlayfs to crash the kernel, creating a denial of service (DoS). This flaw likely only affects Red Hat Enterprise Linux 7 based products, as this issue was created by human error in the backporting process.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1677705

Proposed fix:
https://bugzilla.redhat.com/show_bug.cgi?id=1677778
Acknowledgments: Name: Vasily Averin (Virtuozzo)
Mitigation: Some systems may wish to use device-mapper as an alternative to overlayfs. This does not remove the flaw if the overlayfs module is still in use.
Created attachment 1604006
Fix for flaw.
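To act on the mitigation note above, a host can be checked for overlayfs that is still mounted or still loaded after moving to device-mapper. The script below is an added example, not part of the original report or the attached fix. The function names, the sample data and the "mounted / loaded / absent" verdicts are assumptions of this example, as is matching both `overlay` and `overlayfs` as the filesystem and module name.

```shell
#!/bin/sh
# Added example: report whether overlayfs is still in use on a host.
# Inputs are files in /proc/mounts and /proc/modules format; with no
# arguments the functions read the live system.

# Print the mount point of every overlay mount, one per line.
# Assumption: the filesystem type is reported as "overlay" or "overlayfs".
overlay_mounts() {
    awk '$3 == "overlay" || $3 == "overlayfs" { print $2 }' "${1:-/proc/mounts}"
}

# Exit 0 if the overlay module appears in the module list, 1 otherwise.
overlay_module_loaded() {
    awk '$1 == "overlay" || $1 == "overlayfs" { found = 1 }
         END { exit !found }' "${1:-/proc/modules}"
}

# Print one verdict: "mounted" (an overlay mount exists), "loaded"
# (module present but nothing mounted) or "absent".
overlay_status() {
    mounts_file="${1:-/proc/mounts}"
    modules_file="${2:-/proc/modules}"
    if [ -n "$(overlay_mounts "$mounts_file")" ]; then
        echo mounted
    elif overlay_module_loaded "$modules_file"; then
        echo loaded
    else
        echo absent
    fi
}

# Constructed sample data (not taken from a real host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/mounts" <<'EOF'
/dev/mapper/rhel-root / xfs rw,relatime 0 0
overlay /var/lib/docker/overlay2/abc/merged overlay rw,relatime,lowerdir=/l,upperdir=/u,workdir=/w 0 0
EOF
printf 'overlay 71964 1 - Live 0x0000000000000000\n' > "$sample_dir/modules"

overlay_status "$sample_dir/mounts" "$sample_dir/modules"   # mounted
```

Calling `overlay_status` with no arguments checks the running system. A verdict of `loaded` means the module can still be reached even though nothing is currently mounted.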