NACK/cmnt: [SRU][T/A][PATCH 0/1] Fix for CVE-2018-1094

Stefan Bader stefan.bader at canonical.com
Thu Jul 19 13:01:03 UTC 2018 

On 06.07.2018 23:02, Khalid Elmously wrote:
> The CVE info page states that 2 upstream patches are required to fix this CVE, however I think that's incorrect and I believe only 1 patch is needed for the CVE which is a45403b51582a87872927a3e0fc0a389c26867f1
> 
> Also the matrix states that xenial is vulnerable to this CVE, however I don't think that's true either (it already has a45403b51582a87872927a3e0fc0a389c26867f1 ).
> 
> Clean cherry-pick for artful and a straight-forward backport for trusty.
> 
> 
> Theodore Ts'o (1):
>   ext4: always initialize the crc32c checksum driver
> 
>  fs/ext4/super.c | 15 ++++++---------
>  1 file changed, 6 insertions(+), 9 deletions(-)
> 

I agree that the second patch seems to have nothing to do with the description
of the CVE. Maybe this is another CVE which slipped in.

For Artful, the NACK is because its not high/critical and that release is EOL
(or close).

For Xenial and Trusty, I believe from the description text that the fix may
refer to this 4.13 patch that does introduce some crc32_hash variable:

commit b9fc761ea2d82e910e92f83d01bbbbe1f5e99bfc
Author: Tahsin Erdogan <tahsin at google.com>
Date:   Thu Jun 22 11:53:15 2017 -0400

    ext4: strong binding of xattr inode references

So I would assume, that before that the crc32 driver would be needed only
depending on the features which are checked. And from that kernels before 4.13
to be not affected (whould maybe be supported by the fact that this simple
change never got into 4.4.y upstream).

If this is wrong, then still it looks like the second patch should be paired with:

commit 7ef79ad52136712172eb0525bf0b462516bf2f93
Author: Theodore Ts'o <tytso at mit.edu>
Date:   Thu Apr 26 00:44:46 2018 -0400

    ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs

    Fixes: a45403b51582 ("ext4: always initialize the crc32c checksum driver")
    Reported-by: François Valenduc <francoisvalenduc at gmail.com>
    Signed-off-by: Theodore Ts'o <tytso at mit.edu>
    Cc: stable at vger.kernel.org

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180719/15a624c0/attachment.sig>

More information about the kernel-team mailing list