[PATCH 0/1][Disco] CVE-2019-9857 - inotify DoS
Tyler Hicks
tyhicks at canonical.com
Wed Mar 27 18:57:20 UTC 2019
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9857.html
In the Linux kernel through 5.0.2, the function
inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c
neglects to call fsnotify_put_mark() with IN_MASK_CREATE after
fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).
Finally, this will cause a denial of service.
The fix is pretty easy to review but I ensured that the build logs were clean
and performed a quick boot test.
Tyler
ZhangXiaoxu (1):
inotify: Fix fsnotify_mark refcount leak in
inotify_update_existing_watch()
fs/notify/inotify/inotify_user.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list