oss-sec mailing list archives

Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops

From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 13 Nov 2011 08:55:00 -0700

On 11/11/2011 03:50 PM, Petr Matousek wrote:

A flaw was found in the way Linux kernel's Journaling Block Device (JBD)
handled invalid log first block value. An attacker able to mount
malicious ext3 or ext4 image could use this flaw to crash the system.

Upstream commit:
8762202dd0d6e46854f786bdb6fb3780a1625efe

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=753341

Thanks,

With apologies, I replied to a previous message twice, the correct CVE
assignment for this issue is:

CVE-2011-4132 is for kernel: jbd/jbd2: invalid value of first log block
leads to oops

-- 

-Kurt Seifried / Red Hat Security Response Team

Current thread:

CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Petr Matousek (Nov 11)
- Re: CVE Request -- kernel: jbd/jbd2: invalid value of first log block leads to oops Kurt Seifried (Nov 13)