APPLIED: [PATCH 0/1][Disco] CVE-2019-9857 - inotify DoS
Seth Forshee
seth.forshee at canonical.com
Thu Mar 28 11:56:25 UTC 2019
On Wed, Mar 27, 2019 at 06:57:20PM +0000, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9857.html
>
> In the Linux kernel through 5.0.2, the function
> inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c
> neglects to call fsnotify_put_mark() with IN_MASK_CREATE after
> fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).
> Finally, this will cause a denial of service.
>
> The fix is pretty easy to review but I ensured that the build logs were clean
> and performed a quick boot test.
Applied to disco/master-next, thanks!
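
The refcount imbalance described in the quoted CVE text, as an added userspace model (not the kernel source and not the patch applied here). `struct mark`, `find_mark()`, `put_mark()`, the two `update_*` functions and `leaked_refs()` are hypothetical stand-ins for the lookup/put pairing around the IN_MASK_CREATE error path.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Constructed stand-in for a refcounted fsnotify mark. */
struct mark { int refcnt; };

/* Models fsnotify_find_mark(): a successful lookup takes one reference. */
static struct mark *find_mark(struct mark *m) { if (m) m->refcnt++; return m; }

/* Models fsnotify_put_mark(): drops one reference. */
static void put_mark(struct mark *m) { m->refcnt--; }

/* Leaky shape: the "create only" rejection returns without the put. */
static int update_leaky(struct mark *existing, bool mask_create)
{
    struct mark *m = find_mark(existing);
    if (!m) return -ENOENT;
    if (mask_create) return -EEXIST;   /* lookup reference is stranded */
    put_mark(m);                       /* normal path (mask update elided) */
    return 0;
}

/* Balanced shape: every exit after a successful lookup drops the reference. */
static int update_balanced(struct mark *existing, bool mask_create)
{
    int ret = 0;
    struct mark *m = find_mark(existing);
    if (!m) return -ENOENT;
    if (mask_create) {
        ret = -EEXIST;
        goto out;
    }
out:
    put_mark(m);
    return ret;
}

/* References left stranded after n rejected calls on one existing mark. */
static int leaked_refs(int (*update)(struct mark *, bool), int n)
{
    struct mark m = { .refcnt = 1 };   /* the owner's single reference */
    for (int i = 0; i < n; i++)
        update(&m, true);
    return m.refcnt - 1;
}

int main(void) { return leaked_refs(update_balanced, 1000) != 0; }
```

In the model each rejected call leaves one extra reference on the mark, so it can never reach zero and be freed, which is the leak the advisory names.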