Description: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2070205
https://lore.kernel.org/linux-ext4/20220428180355.15209-1-jack@suse.cz/T/#t
https://bugzilla.suse.com/show_bug.cgi?id=1198577
Notes:
carnil> Fixed as well in 5.17.14 for 5.17.y, 5.18.3 for 5.18.y.
carnil> Ben, please double check if you agree on the triage. It is
carnil> based on the additional information provided in the SUSE
carnil> bugzilla.
carnil> Turns out that 46c116b920eb ("ext4: verify dir block before
carnil> splitting it") and 3ba733f879c2 ("ext4: avoid cycles in
carnil> directory h-tree") are not the upstream fixes, but according to
carnil> Lukas Czerner the following is needed:
carnil> 65f8ea4cd57d ("ext4: check if directory block is within
carnil> i_size") to fix the CVE and additionally, as a defensive measure,
carnil> b8a04fe77ef1 ("ext4: make sure ext4_append() always allocates
carnil> new block").
carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
carnil> Second commit in 6.0.3 for 6.0.y.
Bugs:
upstream: released (6.0-rc1) [65f8ea4cd57dbd46ea13b41dc8bac03176b04233], released (6.1-rc1) [61a1d87a324ad5e3ed27c6699dfc93218fcf3201]
6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.137) [1571c4613059fce2a02508bb8206af75e24c0d58], released (5.10.150) [483831ad0440f62c10d1707c97ce824bd82d98ae]
4.19-upstream-stable: needed
sid: released (5.19.6-1), released (6.0.3-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: released (5.10.140-1), released (5.10.148-1) [bugfix/all/ext4-fix-check-for-block-being-out-of-directory-size.patch]
4.19-buster-security: needed