1757321 – (CVE-2019-16413) CVE-2019-16413 kernel: i_size_read() infinite loop leads to denial of service

Bug 1757321 (CVE-2019-16413) - CVE-2019-16413 kernel: i_size_read() infinite loop leads to denial of service

Summary: CVE-2019-16413 kernel: i_size_read() infinite loop leads to denial of service

Keywords:
Status:	NEW
Alias:	CVE-2019-16413
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1757323
TreeView+	depends on / blocked

Reported:	2019-10-01 08:38 UTC by msiddiqu
Modified:	2019-10-07 08:14 UTC (History)
CC List:	47 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description msiddiqu 2019-10-01 08:38:50 UTC

An issue was discovered in the Linux kernel. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.

Upstream patch: 

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5e3cc1ee1405a7eb3487ed24f786dec01b4cbe1f

References:  

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.4
https://patchwork.kernel.org/patch/10753365/

Note You need to log in before you can comment on or make changes to this bug.

acaringi
airlied
bdettelb
bhu
blc
brdeoliv
bskeggs
dhoward
dominik.mierzejewski
dvlasenk
esammons
fhrbata
hdegoede
hkrzesin
iboverma
ichavero
itamar
jarodwilson
jeremy
jforbes
jglisse
jlelli
john.j5live
jonathan
josef
jross
jschorr
jshortt
jstancek
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
linville
masami256
matt
mchehab
mcressma
mjg59
mlangsdo
nmurray
plougher
rt-maint
rvrbovsk
steved
williams