Vigil@nce - Linux kernel: denial of service via MBCache
September 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can manipulate files on an ext4 partition with
MBCache on the Linux kernel, in order to trigger a denial of
service.
Impacted products: Linux.
Severity: 1/4.
Creation date: 26/08/2016.
DESCRIPTION OF THE VULNERABILITY
The Linux kernel uses MBCache (Filesystem Meta Information Block
Cache), in order to optimize performances on ext4.
However, MBCache does not correctly manage locking of extended
attributes, which blocks the system.
A local attacker can therefore manipulate files on an ext4
partition with MBCache on the Linux kernel, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-MBCache-20475