Bugzilla – Bug 996563
VUL-0: CVE-2016-7118: kernel: Kernel Oops when issuing fcntl on an AUFS directory
Last modified: 2016-08-31 15:58:08 UTC
This bug was opened only for reference.
Neither SLE nor openSUSE are affected as AUFS is not available.
Marcin Szewczyk reported and diagnosed a bug in Debian's kernel
packages that allows a denial of service (crash) by local users with
access to an aufs filesystem. The bug is in a Debian-specific patch,
not the upstream kernel or aufs code.
The current version in Debian 7 'wheezy' (3.2.81-1) and the current proposed update to Debian 8 'jessie' (3.16.36-1 are affected.
> the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL
> fcntl support code (#627782) which unfortunately results in a kernel
> Oops when the fcntl is called on a directory. This breaks e.g. copying
> files from an AUFS filesystem on a remote machine using scp.
Closing as invalid.