blob: 5ba44cb3bd7ce24ca096ada6f7c2ee3422665624 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Description: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2070205
https://lore.kernel.org/linux-ext4/20220428180355.15209-1-jack@suse.cz/T/#t
https://bugzilla.suse.com/show_bug.cgi?id=1198577
Notes:
carnil> Fixed as well in 5.17.14 for 5.17.y, 5.18.3 for 5.18.y.
carnil> Ben, pelase double check if you agree on the triage. It is
carnil> based on the additional information provided in the SUSE
carnil> bugzilla.
carnil> Turns out that 46c116b920eb ("ext4: verify dir block before
carnil> splitting it") and 3ba733f879c2 ("ext4: avoid cycles in
carnil> directory h-tree") are not the upstream fixes, but according to
carnil> Lukas Czerner the following is needed:
carnil> 65f8ea4cd57d ("ext4: check if directory block is within
carnil> i_size") to fix the CVE and additional as defensive measure
carnil> b8a04fe77ef1 ("ext4: make sure ext4_append() always allocates
carnil> new block").
Bugs:
upstream: released (6.0-rc1) [65f8ea4cd57dbd46ea13b41dc8bac03176b04233]
5.10-upstream-stable: needed
4.19-upstream-stable: needed
sid: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
|