The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel
before 2.6.35 uses an incorrect size value in calculations associated with
sentinel directory entries, which allows local users to cause a denial of
service (NULL pointer dereference and panic) and possibly have unspecified
other impact by renaming a file in a GFS2 filesystem, related to the
gfs2_rename function in fs/gfs2/ops_inode.c.
Bob Peterson discovered that GFS2 rename operations did not correctly
validate certain sizes. A local attacker could exploit this to crash the
system, leading to a denial of service.
Updated: 2016-01-26 17:36:46 UTC (commit 10507)