blob: 7ab73d1535a6fbe6874c24e3391633de2c1e39a3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Description: btrfs: crafted image causes null deref in btrfs_root_node
References:
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19036
https://bugzilla.redhat.com/show_bug.cgi?id=1775187
https://bugzilla.suse.com/show_bug.cgi?id=1157692
Notes:
jmm> Fixed by 62fdaa52a3d00a875da771719b6dc537ca79fce1 ?
carnil> This is a good candidate and is included in 5.4-rc1. It was
carnil> futhermore backported to 5.3.4, 5.2.19 and 4.19.129, where the
carnil> 5.3.4 fixing information would as well match what is available
carnil> from the Red Hat bugzilla.
bwh> I think this affects 4.9 but the fix depends on commits going back
bwh> to at least 581c1760415c "btrfs: Validate child tree block's level
bwh> and first key".
Bugs:
upstream: released (5.4-rc1) [62fdaa52a3d00a875da771719b6dc537ca79fce1]
5.10-upstream-stable: N/A "Fixed before branch point"
4.19-upstream-stable: released (4.19.129) [227af79e6cb0ee3faeb8c70be4bc0aec0b09ea25]
4.9-upstream-stable: needed
3.16-upstream-stable: ignored "EOL"
sid: released (5.3.7-1)
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: released (4.19.131-1)
4.9-stretch-security: ignored "EOL"
3.16-jessie-security: ignored "EOL"
|
