[PATCH 0/1][T/X/B] CVE-2018-18690 - Denial of service in XFS
Tyler Hicks
tyhicks at canonical.com
Tue Nov 20 01:31:09 UTC 2018
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2018-18690
In the Linux kernel before 4.17, a local attacker able to set attributes on
an xfs filesystem could make this filesystem non-operational until the next
mount by triggering an unchecked error condition during an xfs attribute
change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c
mishandles ATTR_REPLACE operations with conversion of an attr from short to
long form.
Clean cherry pick in Bionic through Trusty. I tested this change in all
affected releases manually via the reproducer in the upstream kernel.org bug
report. The build logs are clean.
Tyler
More information about the kernel-team
mailing list