Note:
This project will be discontinued after December 13, 2021. [more]
2018-03-12
In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode, which allows local users to cause a denial of service (BUG) by modifying a certain e_cpos field.
| Products | Linux_kernel |
| Type | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362) |
| First patch |
https://github.com/torvalds/linux/commit/3e4c56d41eef5595035872a2ec5a483f42e8917f |
| Relevant file/s | ./fs/ocfs2/aops.c (modified, +18, -8) |
| Links |
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e4c56d41eef5595035872a2ec5a483f42e8917f
• http://www.securityfocus.com/bid/103353 • https://www.debian.org/security/2018/dsa-4188 |
Navigation
Patch data:
Patched area:
(on by default)
Patched area: