Bug 3128

Summary: CVE-2011-3638: kernel: ext4: ext4_ext_insert_extent() kernel oops
Product: Mageia Reporter: Nicolas Vigier <boklm>
Component: Security Assignee: Thomas Backlund <tmb>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: 1   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: kernel CVE:
Status comment:
Bug Depends on: 3186    
Bug Blocks:    

Description Nicolas Vigier 2011-10-21 15:46:03 CEST
I don't know if our kernel is vulnerable to this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=747942

A flaw was found in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. Although ex has been updated in
memory, it is not dirtied both in ext4_ext_convert_to_initialized() and
ext4_ext_insert_extent(). The disk layout is corrupted. Then it will meet with
a BUG_ON() when writing at the start of that extent again.

Introduced in:
56055d3ae4cc7fa6d2b10885f20269de8a989ed7

Upstream fix:
667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
Nicolas Vigier 2011-10-24 10:01:50 CEST

Summary: kernel: ext4: ext4_ext_insert_extent() kernel oops => CVE-2011-3638: kernel: ext4: ext4_ext_insert_extent() kernel oops

Comment 1 Thomas Backlund 2011-10-25 16:17:51 CEST
Yep.
fixes merged in SVN, will be part of upcoming 2.6.38.8-7
Thomas Backlund 2011-10-25 23:42:03 CEST

Depends on: (none) => 3186

Comment 2 Thomas Backlund 2011-10-25 23:50:40 CEST
There is now a kernel-2.6.38.8-7.mga available in core/updates_testing.
Comment 3 Thomas Backlund 2011-11-11 20:24:51 CET
kernel-2.6.38.8-8.mga released to updates.

Status: NEW => RESOLVED
Resolution: (none) => FIXED