Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26949
HistoryAug 30, 2011 - 12:00 a.m.

[PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS

2011-08-3000:00:00
vulners.com
15
JSON

PRE-CERT Security Advisory

  • Advisory: PRE-SA-2011-06
  • Released on: 19 August 2011
  • Last updated on: 19 August 2011
  • Affected product: Linux Kernel 2.4, 2.6, and 3.0
  • Impact: denial-of-service
  • Origin: Be file system
  • Credit: Timo Warns (PRESENSE Technologies GmbH)
  • CVE Identifier: CVE-2011-2928

Summary

The Linux kernel contains a vulnerability in the driver for Be file systems
that may lead to a kernel oops via a corrupted Be file system.

In fs/befs/linuxvfs.c, befs_follow_link() reads a length attribute for a
long
symlink from a data stream of a Be file system.

befs_data_stream *data = &befs_ino->i_data.ds;
befs_off_t len = data->size;

The data->size / len value is not validated and can be 0 on a corrupted
file system.

befs_follow_link() allocates some memory based on len. Effectively, kmalloc
returns ZERO_SIZE_PTR in this case.

    link = kmalloc(len, GFP_NOFS);

Subsequently, an assignment dereferences ZERO_SIZE_PTR causing a kernel
oops:

                    link[len - 1] = '\0';

Workaround

Compile and use a kernel that does not support the Be file system. The
corresponding configuration key is CONFIG_BEFS_FS.

Solution

A patch is available at
http://git.kernel.org/linus/338d0f0a6fbc82407864606f5b64b75aeb3c70f2

References

When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:

http://www.pre-cert.de/advisories/PRE-SA-2011-06.txt

Contact

PRE-CERT can be reached under [email protected]. For PGP key
information, refer to http://www.pre-cert.de/.

Related

prion 1
securityvulns 2
cve 1
ubuntucve 1
suse 5
nessus 21
openvas 36
ubuntu 12
debian 3
osv 2
fedora 4
prion
prion
Null pointer dereference
2011-08-29 17:55:00
securityvulns
securityvulns
Linux kernel DoS
2011-08-30 00:00:00
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
2011-09-13 00:00:00
cve
cve
CVE-2011-2928
2011-08-29 17:55:00
ubuntucve
ubuntucve
CVE-2011-2928
2011-08-29 00:00:00
suse
suse
kernel update for SLE11 SP1 (important)
2011-10-08 01:08:26
Security update for Linux kernel (important)
2011-10-08 01:08:22
denial of service in kernel
2011-10-17 17:58:35
nessus
nessus
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5219 / 5222 / 5223)
2011-12-13 00:00:00
SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 8161)
2012-06-15 00:00:00
Ubuntu 8.04 LTS : linux vulnerabilities (USN-1225-1)
2011-10-05 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0736-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-1225-1)
2011-10-10 00:00:00
Ubuntu Update for linux USN-1225-1
2011-10-10 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2011-10-04 00:00:00
Linux kernel vulnerabilities
2011-10-25 00:00:00
Linux kernel (OMAP4) vulnerabilities
2011-10-12 00:00:00
debian
debian
[SECURITY] [DSA 2310-1] linux-2.6 security update
2011-09-22 22:48:48
[SECURITY] [DSA 2303-1] linux-2.6 security update
2011-09-08 21:31:02
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
2011-09-11 02:06:57
osv
osv
linux-2.6 - several issues
2011-09-22 00:00:00
linux-2.6 - several issues
2011-09-10 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: kernel-2.6.35.14-97.fc14
2011-10-08 17:59:55
[SECURITY] Fedora 14 Update: kernel-2.6.35.14-100.fc14
2011-10-30 00:31:24
[SECURITY] Fedora 14 Update: kernel-2.6.35.14-103.fc14
2011-11-04 20:29:13
JSON
Related for SECURITYVULNS:DOC:26949
prion1securityvulns2cve1ubuntucve1suse5nessus21openvas36ubuntu12debian3osv2fedora4