APPLIED [OEM-5.17/OEM-6.0] Re: [SRU Focal, Jammy, OEM-5.17, Kinetic, OEM-6.0, Lunar PATCH 0/1] CVE-2023-2124
Timo Aaltonen
tjaalton at ubuntu.com
Tue Jun 13 13:59:37 UTC 2023
Cengiz Can kirjoitti 12.6.2023 klo 12.42:
> [Impact]
> An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file
> system in how a user restores an XFS image after failure (with a dirty log
> journal). This flaw allows a local user to crash or potentially escalate their
> privileges on the system.
>
> [Fix]
> Cherry picked from upstream. Focal lacks commit 1094d3f12363 ("xfs: refactor log
> recovery buffer item dispatch for pass2 commit functions") so the logic block
> seems to be in another file. For Focal, patched that file and function
> instead.
>
> [Test case]
> Compile and boot tested for all.
>
> Ran xfstests test suite's 800 tests on both unpatched and patched Focal.
> Failures are similar on both.
>
> [Potential regression]
> Users of XFS filesystem might be affected. Although very unlikely.
>
> Darrick J. Wong (1):
> xfs: verify buffer contents when we skip log replay
>
> fs/xfs/xfs_buf_item_recover.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
>
applied to oem kernels, thanks
--
t
More information about the kernel-team
mailing list