First published: Thu Oct 02 2014(Updated: )
A flaw was found in the way the xfs_da3_fixhashpath() function of the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories, potentially resulting in kernel panic. Upstream fix: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d</a> Reproducer: <a href="http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=blob;f=src/dirhash_collide.c;h=55cec872d5061ac2ca0f56d1f11e6bf349d5bb97;hb=947ee8bd4b59770534297572b14c695e9c6e001e">http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=blob;f=src/dirhash_collide.c;h=55cec872d5061ac2ca0f56d1f11e6bf349d5bb97;hb=947ee8bd4b59770534297572b14c695e9c6e001e</a> References: <a href="http://seclists.org/oss-sec/2014/q4/28">http://seclists.org/oss-sec/2014/q4/28</a> <a href="http://marc.info/?l=linux-xfs&m=139590613002926&w=2">http://marc.info/?l=linux-xfs&m=139590613002926&w=2</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | <3.14.2 | |
Redhat Mrg Realtime | =2.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.