News
Vigil@nce: Linux kernel, buffer overflow via xfs_acl_from_disk
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker, who is allowed to mount an XFS filesystem, can use a high or negative number of ACLs, in order to create an overflow, leading to a denial of service or to code execution.
Severity: 2/4
Creation date: 11/01/2012
IMPACTED PRODUCTS
Linux kernel
DESCRIPTION OF THE VULNERABILITY
The Linux kernel supports XFS filesystems.
The xfs_acl_from_disk() function of the fs/xfs/xfs_acl.c file reads ACLs indicated on an XFS filesystem. However, if the number of ACL is larger than XFS_ACL_MAX_ENTRIES (25), or is negative, the xfs_acl_from_disk() function corrupts the memory.
A local attacker, who is allowed to mount an XFS filesystem, can therefore use a high or negative number of ACLs, in order to create an overflow, leading to a denial of service or to code execution.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
