Vigil@nce - Linux kernel: denial of service via ext4_zero_range
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force an assertion error in the ext4_zero_range()
function of the Linux kernel, in order to trigger a denial of
service.
– Impacted products: Linux
– Severity: 1/4
– Creation date: 23/02/2015
DESCRIPTION OF THE VULNERABILITY
The Linux kernel uses the ext4 filesystem.
However, when a range has a zero size, an assertion error occurs
because the developers did not expect this case, which stops the
process.
An attacker can therefore force an assertion error in the
ext4_zero_range() function of the Linux kernel, in order to
trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-ext4-zero-range-16241