NAK: [SRU][Xenial][PATCH 0/1] Fix for CVE-2021-3506

Joseph Salisbury joseph.salisbury at canonical.com
Tue Feb 8 20:21:04 UTC 2022


Patch should be for Bionic, so NAKing and re-sending.

On 2/8/22 15:16, Joseph Salisbury wrote:
> [Impact]
> This CVE has been considered by NVD to have a High impact.
> We are now including fixes for such CVEs on some of our kernels based on 4.4.
>
> An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the
> f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check
> failure allows a local attacker to gain access to out-of-bounds memory leading
> to a system crash or a leak of internal kernel information. The highest threat
> from this vulnerability is to system availability.
>
> [Fix]
> b862676e3717 ("f2fs: fix to avoid out-of-bounds memory access")
>
> [Potential regression]
> This change is limited to f2fs.
>
> CVE-2021-3506
>
> Chao Yu (1):
>    f2fs: fix to avoid out-of-bounds memory access
>
>   fs/f2fs/node.c | 3 +++
>   1 file changed, 3 insertions(+)
>



