[SRU][Jammy/Jammy-OEM-6.0/Jammy-OEM-6.1/Lunar][PATCH 0/1] CVE-2023-4273
Yuxuan Luo
yuxuan.luo at canonical.com
Thu Aug 17 21:33:00 UTC 2023
[Impact]
A flaw was found in the exFAT driver of the Linux kernel. The
vulnerability exists in the implementation of the file name
reconstruction function, which is responsible for reading file name
entries from a directory index and merging file name parts belonging to
one file into a single long file name. Since the file name characters
are copied into a stack variable, a local privileged attacker could use
this flaw to overflow the kernel stack.
[Backport]
It is a clean cherry pick on Lunar.
For Jammy and OEM kernels, there are two conflicts, the `int i, err;` line
and the `struct ... es;` line, which require commits 8258ef28001a (“exfat:
handle unreconized benign secondary entries”) and 20914ff6dd56 (“exfat:
move exfat_entry_set_cache from heap to stack”) respectively. However,
they are not relevant to this fix; ignore them and backport the fix
manually.
[Test]
Tested by mounting an exfat file system and renaming a file with a very long name.
[Potential Regression]
Expect very low regression potential.
Namjae Jeon (1):
exfat: check if filename entries exceeds max filename length
fs/exfat/dir.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--
2.34.1
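
The bound named in the patch title, shown as a user-space model added here; it is not the kernel patch and not code from this message. `struct name_entry`, `merge_name` and `demo` are hypothetical names, the sample entries are constructed, and the limits of 15 UTF-16 units per file-name entry and 255 units per name are the exFAT format's.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAME_CHARS_PER_ENTRY 15   /* UTF-16 units in one exFAT file-name entry */
#define MAX_NAME_LENGTH      255  /* longest exFAT file name, in UTF-16 units */

/* Simplified stand-in for an on-disk file-name entry (assumption, not the kernel struct). */
struct name_entry {
    uint16_t unicode[NAME_CHARS_PER_ENTRY];
};

/*
 * Merge the name parts of `count` entries into `out`, which must hold
 * MAX_NAME_LENGTH + 1 units. Returns the name length, or -1 when the
 * entries would not fit. `count` is read from the volume, so it is untrusted.
 */
int merge_name(const struct name_entry *ents, size_t count, uint16_t *out)
{
    size_t len = 0;

    for (size_t i = 0; i < count; i++) {
        /* Check before every copy: reject instead of writing past `out`. */
        if (len + NAME_CHARS_PER_ENTRY > MAX_NAME_LENGTH)
            return -1;
        for (size_t j = 0; j < NAME_CHARS_PER_ENTRY; j++) {
            if (ents[i].unicode[j] == 0) {      /* name ends inside this entry */
                out[len] = 0;
                return (int)len;
            }
            out[len++] = ents[i].unicode[j];
        }
    }
    out[len] = 0;
    return (int)len;
}

/* Constructed input: `count` completely filled entries, merged into a stack buffer. */
int demo(size_t count)
{
    static struct name_entry ents[32];
    uint16_t name[MAX_NAME_LENGTH + 1];

    if (count > 32)
        return -2;
    for (size_t i = 0; i < count; i++)
        for (size_t j = 0; j < NAME_CHARS_PER_ENTRY; j++)
            ents[i].unicode[j] = 'A';
    return merge_name(ents, count, name);
}

int main(void)
{
    printf("17 entries -> %d, 18 entries -> %d\n", demo(17), demo(18));
    return 0;
}
```

Seventeen full entries are exactly 255 units and are accepted; an eighteenth is rejected before any unit of it is copied.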