[PATCH 0/1][Disco] CVE-2019-9857 - inotify DoS

Tyler Hicks tyhicks at canonical.com
Wed Mar 27 18:57:20 UTC 2019


 In the Linux kernel through 5.0.2, the function
 inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c
 neglects to call fsnotify_put_mark() with IN_MASK_CREATE after
 fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).
 Finally, this will cause a denial of service.

The fix is pretty easy to review but I ensured that the build logs were clean
and performed a quick boot test.


ZhangXiaoxu (1):
  inotify: Fix fsnotify_mark refcount leak in

 fs/notify/inotify/inotify_user.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)


More information about the kernel-team mailing list