Bug 3128 - CVE-2011-3638: kernel: ext4: ext4_ext_insert_extent() kernel oops
Summary: CVE-2011-3638: kernel: ext4: ext4_ext_insert_extent() kernel oops
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Thomas Backlund
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on: 3186
Blocks:
 
Reported: 2011-10-21 15:46 CEST by Nicolas Vigier
Modified: 2011-11-11 20:24 CET
0 users

See Also:
Source RPM: kernel
CVE:
Status comment:



Description Nicolas Vigier 2011-10-21 15:46:03 CEST
I don't know if our kernel is vulnerable to this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=747942

A flaw was found in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. Although ex has been updated in
memory, it is not dirtied both in ext4_ext_convert_to_initialized() and
ext4_ext_insert_extent(). The disk layout is corrupted. Then it will meet with
a BUG_ON() when writing at the start of that extent again.

Introduced in:
56055d3ae4cc7fa6d2b10885f20269de8a989ed7

Upstream fix:
667eff35a1f56fa74ce98a0c7c29a40adc1ba4e3
Nicolas Vigier 2011-10-24 10:01:50 CEST

Summary: kernel: ext4: ext4_ext_insert_extent() kernel oops => CVE-2011-3638: kernel: ext4: ext4_ext_insert_extent() kernel oops

Comment 1 Thomas Backlund 2011-10-25 16:17:51 CEST
Yep.
fixes merged in SVN, will be part of upcoming 2.6.38.8-7
Thomas Backlund 2011-10-25 23:42:03 CEST

Depends on: (none) => 3186

Comment 2 Thomas Backlund 2011-10-25 23:50:40 CEST
There is now a kernel-2.6.38.8-7.mga available in core/updates_testing.
Comment 3 Thomas Backlund 2011-11-11 20:24:51 CET
kernel-2.6.38.8-8.mga released to updates.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

