New Search

Linux Kernel UBIFS Orphan Inode Local Denial of Service Vulnerability

oval:org.mitre.oval:def:6551

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
Class:
vulnerability
Reference(s):
  • CVE-2008-3275
Product(s):