CVE-2017-15121: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned…

CVE-2017-15121 [MEDIUM] CWE-20 GHSA-j44m-j98w-c9cw: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not en A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

CVE-2017-15121 [MEDIUM] CVE-2017-15121: A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not en A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.

CVE-2017-15121 [MEDIUM] CWE-20 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client kernel: vfs: BUG in truncate_inode_pages_range() and fuse client A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7 for ARM and Red Hat Enterprise Linux 7 for Power LE. This issue affects the versions of the Linux kernel as shipped with 6, 7 and Red Hat Enterprise MRG 2. Future updates for the respective releases may address this issue. Package: kern

CVE-2017-15121 [MEDIUM] CVE-2017-15121: linux - A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and cras... A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Scope: local bookworm: resolved (fixed in 3.11.5-1) bullseye: resolved (fixed in 3.11.5-1) forky: resolved (fixed in 3.11.5-1) sid: resolved (fixed in 3.11.5-1) trixie: resolved (fixed in 3.11.5-1)

CVE-2017-15121 [MEDIUM] CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client A non-prigileged user is able to mount a fuse filesystem on RHEL6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. Discussion: Acknowledgments: Name: Miklos Szeredi (Red Hat) --- Vladis, is this a Red Hat Kernel specific issue? --- hei hai, Salvatore, yes, mostly. it appeared that rhel-6 and -7 are vulnerable, but rhel-alt is not. this means the flaw is reproduced with kernels from, at leat, 2.6.32 to 3.10, but not with 4.11. the upstream fix for this is commit 5a7203947a1d ("mm: teach truncate_inode_pages_range() to handle non page aligned ranges") which is in the upstream since v3.11-rc1. --- Statement: This issue does not affect the L