Bugzilla – Bug 988708
VUL-0: CVE-2016-6197,CVE-2016-6198: kernel-source: local DoS / crash using rename syscall on overlayfs on top of xfs
Last modified: 2020-06-16 22:06:24 UTC
An unprivileged user could run an exploit using rename syscall on
overlayfs on top of xfs to crash the kernel caused a denial of
Patch can be found here with more in depth description
As far as we can tell, there are circumstances in which each of the
two parts of the patch could be relevant, and thus we are assigning
two CVE IDs.
This patch is present in 4.6 but not in 4.5.5.
These patches are present in both 4.6 and 4.5.5.
- TW: 4.6.x => OK
- SLE12-SP2 / openSUSE-42.2: 4.4.11 already contains the fix
> - SLE12-SP2 / openSUSE-42.2: 4.4.11 already contains the fix
I meant only about the latter two fixes:
The former fix isn't included in SLE12-SP2
Thanks for the analysis so far. I will take over from here.
bugbot adjusting priority
Reassigning to security team after patches submitted.
patches.kernel.org/patch-4.4.15-16 has 11f3710417d026ea2f4fcf362d866342c5274185
overlayfs is new in SLES 12 SP2, so no older versions affected.
fixed before shipping sles 12 sp2.