APPLIED[L/J]: [SRU][Jammy/Jammy-OEM-6.0/Jammy-OEM-6.1/Lunar][PATCH 0/1] CVE-2023-4273

[Stefan Bader]

On 17.08.23 23:33, Yuxuan Luo wrote:
> [Impact]
> A flaw was found in the exFAT driver of the Linux kernel. The
> vulnerability exists in the implementation of the file name
> reconstruction function, which is responsible for reading file name
> entries from a directory index and merging file name parts belonging to
> one file into a single long file name. Since the file name characters
> are copied into a stack variable, a local privileged attacker could use
> this flaw to overflow the kernel stack.
> 
> [Backport]
> It is a clean cherry pick on Lunar.
> For Jammy and OEM kernels, there are two conflicts, `int i, err;` line
> and `struct ... es;` line, which requires commits 8258ef28001a (“exfat:
> handle unreconized benign secondary entries”) and 20914ff6dd56 (“exfat:
> move exfat_entry_set_cache from heap to stack”) respectively. However,
> they are not relevant to this fix, ignore them and backport the fix
> manually.
> 
> [Test]
> Tested via mounting exfat file system and rename a file with a very long name.
> 
> [Potential Regression]
> Expect very low regression potential.
> 
> 
> Namjae Jeon (1):
>    exfat: check if filename entries exceeds max filename length
> 
>   fs/exfat/dir.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
> 

Applied to lunar,jammy:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230825/2a2912ca/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230825/2a2912ca/attachment-0001.sig>