Bugzilla – Bug 996563
VUL-0: CVE-2016-7118: kernel: Kernel Oops when issuing fcntl on an AUFS directory
Last modified: 2016-08-31 15:58:08 UTC
CVE-2016-7118 This bug was opened only for reference. Neither SLE nor openSUSE are affected as AUFS is not available. http://seclists.org/oss-sec/2016/q3/397 Marcin Szewczyk reported and diagnosed a bug in Debian's kernel packages that allows a denial of service (crash) by local users with access to an aufs filesystem. The bug is in a Debian-specific patch, not the upstream kernel or aufs code. The current version in Debian 7 'wheezy' (3.2.81-1) and the current proposed update to Debian 8 'jessie' (3.16.36-1 are affected. Ben. > the wheezy kernel upgrade from 3.2.78-1 to 3.2.81-1 added the SETFL > fcntl support code (#627782) which unfortunately results in a kernel > Oops when the fcntl is called on a directory. This breaks e.g. copying > files from an AUFS filesystem on a remote machine using scp. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7118 http://seclists.org/oss-sec/2016/q3/397
Closing as invalid.