[SRU][Focal/Lunar][PATCH 0/1] CVE-2023-3212

Yuxuan Luo yuxuan.luo at canonical.com
Wed Aug 16 18:53:14 UTC 2023


On 8/16/23 04:28, Stefan Bader wrote:
> On 15.08.23 18:24, Yuxuan Luo wrote:
>> [Impact]
>> Yang Lan discovered that the GFS2 file system implementation in the
>> Linux kernel could attempt to dereference a null pointer in some
>> situations. An attacker could use this to construct a malicious GFS2
>> image that, when mounted and operated on, could cause a denial of
>> service (system crash).
>
> Why is Jammy not affected?

Good catch. UCT shows that Jammy is `pending (5.15.0-83.92)`. My local
cranky/master-next:linux-meta/debian/changelog only shows up to 83.80,
I assume it has already been fetched in Jammy's tree somewhere else.

>
>>
>> [Backport]
>> For Lunar, it is a clean cherry pick.
>> For Focal, there is a conflict revolving around the `if
>> (test_bit(GIF_ALLOC_FAILED, &ip->i_flags)) {` line which requires
>> 9e73330f298a (“gfs2: Try harder to delete inodes locally”) commit.
>> However, even though the aforementioned conflicting line was modified to
>> what it is now in the fix commit, it is not related to the fix, ignore
>> it.
>>
>> [Test]
>> Tested via mount and umount gfs2.
>>
>> [Potential Regression]
>> Expect no regression.
>>
>>
>> Bob Peterson (1):
>>    gfs2: Don't deref jdesc in evict
>>
>>   fs/gfs2/super.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
>


