Excellent, thanks Sergej. ** Information type changed from Private Security to Public Security
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1763403 Title: Multiple Memory Corruption Issues in ntfs.ko (Linux 4.15.0-15.16) Status in linux package in Ubuntu: Triaged Bug description: Dear all, The following memory corruption issues in ntfs.ko (such as use-after-frees, stack- and heap-out-of-bounds accesses and BUG_ON / BUG assertion fails) were found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the causing NTFS filesystem image, the dmesg reports, KASAN reports and the source code of a simple mounting tool to reproduce those issues (ntfs_inject.c). A local users who have been granted the privileges necessary to mount filesystems (or a system components which auto mounts filesystems) could trigger a kernel oops, a kernel panic (depending on panic_on_oops) or exploit those bugs to raise privileges. We can verify this issues for Linux 4.15.0-15.16 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source linux"). Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
