
kernel: denial of service

Package(s): kernel
CVE #(s): CVE-2015-0275
Created: March 9, 2015
Updated: March 16, 2015
Description: From the Red Hat bugzilla:

A flaw was found in the way the Linux kernel's EXT4 filesystem handled page size > block size condition when fallocate zero range functionality is used.

Also from the Red Hat bugzilla, no CVE provided:

It was reported that in vhost_scsi_make_tpg() the limit for "tpgt" is UINT_MAX but the data type of "tpg->tport_tpgt" and that is a u16.

In the context it turns out that in vhost_scsi_set_endpoint(), "tpg->tport_tpgt" is used as an offset into the vs_tpg[] array which has VHOST_SCSI_MAX_TARGET (256) elements, so anything higher than 255 then is invalid. Attached patch corrects this. In vhost_scsi_send_evt() the values higher than 255 are masked, but now that the limit has changed, the mask is not needed.
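
The limit mismatch in the vhost_scsi description above, modeled in user space as an added example (not code from the kernel or from the Red Hat report). The function names are hypothetical; only UINT_MAX, the u16 field width and VHOST_SCSI_MAX_TARGET (256) come from the description.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define VHOST_SCSI_MAX_TARGET 256 /* vs_tpg[] element count, per the description */

/* Hypothetical helper: parse a decimal tpgt, reject values above max_allowed. */
static int parse_tpgt(const char *s, unsigned long max_allowed, uint16_t *out)
{
    char *end;
    unsigned long v;

    if (*s < '0' || *s > '9')          /* no sign, whitespace or empty input */
        return -EINVAL;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v > max_allowed)
        return -EINVAL;
    *out = (uint16_t)v;                /* truncates silently if v > 65535 */
    return 0;
}

/* Limit as described before the fix: UINT_MAX, wider than the u16 field. */
static int parse_tpgt_unfixed(const char *s, uint16_t *out)
{
    return parse_tpgt(s, UINT_MAX, out);
}

/* Limit after the fix: the value must be a valid index into a 256-entry array. */
static int parse_tpgt_fixed(const char *s, uint16_t *out)
{
    return parse_tpgt(s, VHOST_SCSI_MAX_TARGET - 1, out);
}

int main(void)
{
    const char *samples[] = { "0", "255", "256", "300", "65536", "65791" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t a = 0, b = 0;
        int ra = parse_tpgt_unfixed(samples[i], &a);
        int rb = parse_tpgt_fixed(samples[i], &b);
        printf("%-6s unfixed: rc=%d stored=%u in_bounds=%d | fixed: rc=%d\n",
               samples[i], ra, a, a < VHOST_SCSI_MAX_TARGET, rb);
    }
    return 0;
}
```

With the wider limit, values from 256 to 65535 are stored unchanged and fall outside a 256-entry array, while larger values are truncated to 16 bits and stored as a different number than the one supplied.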

Alerts:
Oracle ELSA-2015-2152 kernel 2015-11-25
Scientific Linux SLSA-2015:1778-1 kernel 2015-09-15
Oracle ELSA-2015-1778 kernel 2015-09-15
CentOS CESA-2015:1778 kernel 2015-09-16
Red Hat RHSA-2015:1787-01 kernel-rt 2015-09-15
Red Hat RHSA-2015:1788-01 kernel-rt 2015-09-15
Red Hat RHSA-2015:1778-01 kernel 2015-09-15
Ubuntu USN-2637-1 kernel 2015-06-10
Ubuntu USN-2636-1 linux-lts-vivid 2015-06-10
Ubuntu USN-2635-1 linux-lts-utopic 2015-06-10
Ubuntu USN-2638-1 kernel 2015-06-10
Fedora FEDORA-2015-3011 kernel 2015-03-09
Fedora FEDORA-2015-3594 kernel 2015-03-14



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds