NACK: [SRU Focal, Bionic PATCH 0/2] CVE-2022-1184

Luke Nowakowski-Krijger luke.nowakowskikrijger at canonical.com
Mon Jun 12 20:04:25 UTC 2023


The #2 patch no longer applies for focal and should be revisited to
backport.

I have not looked at the Bionic patch and leave Cascardo to apply that one
as that has now gone esm.

- Luke

On Wed, May 17, 2023 at 9:13 AM Cengiz Can <cengiz.can at canonical.com> wrote:

> [Impact]
> A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the
> Linux kernel’s filesystem sub-component. This flaw allows a local attacker
> with a user privilege to cause a denial of service.
>
> [Fix]
> This was tricky. I had to dive deep into other vendors' bugzillas and IRC
> channels to verify if the patches were enough.
>
> The fix consists of:
>   ext4: verify dir block before splitting it
>   ext4: avoid cycles in directory h-tree
>   ext4: check if directory block is within i_size
>
> The following fixes one of the fixing commits:
>   ext4: fix check for block being out of directory size
>
> The following was suggested to be included but I don't know the actual
> impact:
>   ext4: make sure ext4_append() always allocates new block
>
> Out of these five commits, 3 were already in Bionic and Focal. I
> backported or cherry-picked the missing 2 to Bionic and Focal.
>
> [Test case]
> I ran xfstests that specifically target ext4, with the exception of
> ext4/054 because it always crashes on both unpatched and patched Bionic
> and Focal kernels.
> Other than that, the test results are the same.
>
> [Potential regression]
> High. This needs to be reviewed very carefully.
>
> Jan Kara (1):
>   ext4: fix check for block being out of directory size
>
> Lukas Czerner (1):
>   ext4: check if directory block is within i_size
>
>  fs/ext4/namei.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> --
> 2.39.2
>
>