APPLIED [OEM-5.17/OEM-6.0]: [SRU][OEM-5.14/OEM-5.17/OEM-6.0][PATCH 0/2] CVE-2023-26607

Manuel Diewald manuel.diewald at canonical.com
Tue Apr 4 07:55:15 UTC 2023


On Tue, Mar 21, 2023 at 05:55:32PM -0400, Yuxuan Luo wrote:
> [Impact]
> In NTFS/, an assignment to a variable is done without proper sanity check,
> resulting in potential out-of-bounds vulnerability.
> 
> [Backport]
> Prior to this fix there was a flawed fix
> 38c9c22a85aeed28d0831f230136e9cf6fa2ed44, it lacks a sanity check for
> variable a before name_end assignment. However, cherry picking this commit
> allows for two clean cherry picks, so including it is preferable in this case.
> For OEM-5.14 and OEM-5.17, the first commit is required; however, for OEM-6.0,
> the first one has already been included in the tree, only the fix commit is
> needed.
> 
> [Test]
> Compile and boot tested.
> 
> TODO: test against PoC
> https://gist.github.com/oswalpalash/cb298c137f3dbfb95a609671a61103fb
> 
> [Potential Regression]
> Expecting low risk of regression because the underlying logic remains the same
> but with additional layer of check.
> 
> Hawkins Jiawei (1):
>   ntfs: fix out-of-bounds read in ntfs_attr_find()
> 
>  fs/ntfs/attrib.c | 20 ++++++++++++++++----
>  1 file changed, 16 insertions(+), 4 deletions(-)
> 
> -- 
> 2.34.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Applied to jammy:linux-oem-5.17 and jammy:linux-oem-6.0. Thank you!


