| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <bug-199321-13602-ExaaciCl8N@https.bugzilla.kernel.org/>
Date: Tue, 10 Apr 2018 04:29:47 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...nel.org
Subject: [Bug 199321] use-after-free in jbd2_journal_commit_transaction()
when mounting and operating a crafted ext4 image
https://bugzilla.kernel.org/show_bug.cgi?id=199321
Eric Biggers (ebiggers3@...il.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ebiggers3@...il.com
--- Comment #2 from Eric Biggers (ebiggers3@...il.com) ---
FYI, the reproducer doesn't work unless I revert commit 18db4b4e6fc31 ("ext4:
don't allow r/w mounts if metadata blocks overlap the superblock"). So while
this might be a different bug, it's not obvious since your reproducer no longer
works. Wen, it would save a lot of time if you tested the latest ext4
development branch from kernel.org so that you're including the latest fixes.
You *could* test LTS or stable kernels too to identify missed backports (while
keeping in mind that it can take several weeks for a patch to land there after
being applied upstream), but new bugs really should reported with a working
reproducer against the latest ext4 development branch. Thanks!
--
You are receiving this mail because:
You are watching the assignee of the bug.
Powered by blists - more mailing lists