APPLIED/cmnt: [PATCH 0/1][T/X/B] CVE-2018-18690 - Denial of service in XFS

Khaled Elmously khalid.elmously at canonical.com
Thu Nov 29 07:18:06 UTC 2018


Applied to all targets. Note that the patch as it was didn't actually apply to Trusty as it needed to be adjusted for context and path-changes. I made the necessary adjustments and updated the commit message accordingly (changed it from 'cherry picked from' to 'backported from').


On 2018-11-20 01:31:09, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2018-18690
> 
>  In the Linux kernel before 4.17, a local attacker able to set attributes on
>  an xfs filesystem could make this filesystem non-operational until the next
>  mount by triggering an unchecked error condition during an xfs attribute
>  change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c
>  mishandles ATTR_REPLACE operations with conversion of an attr from short to
>  long form.
> 
> Clean cherry pick in Bionic through Trusty. I tested this change in all
> affected releases manually via the reproducer in the upstream kernel.org bug
> report. The build logs are clean.
> 
> Tyler