APPLIED[F]: [SRU Focal, Bionic PATCH 0/2] CVE-2022-1184
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Wed Jun 14 13:56:30 UTC 2023
It did apply correctly. However the emails were being generated, it was
applying them in the opposite order, which was leading to the apply
conflicts. Sorry for the confusion.
Applied to focal:linux master-next.
Thanks Cengiz :)
- Luke
On Wed, May 17, 2023 at 9:13 AM Cengiz Can <cengiz.can at canonical.com> wrote:
> [Impact]
> A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the
> Linux kernel’s filesystem sub-component. This flaw allows a local attacker
> with a user privilege to cause a denial of service.
>
> [Fix]
> This was tricky. I had to dive deep into other vendors' bugzillas and irc
> channels to verify if the patches were enough.
>
> The fix consists of:
> ext4: verify dir block before splitting it
> ext4: avoid cycles in directory h-tree
> ext4: check if directory block is within i_size
>
> The following fixes one of the fixing commits:
> ext4: fix check for block being out of directory size
>
> The following was suggested to be included but I don't know the actual
> impact:
> ext4: make sure ext4_append() always allocates new block
>
> Out of these five commits, 3 were already in Bionic and Focal. I backported or
> cherry-picked the missing 2 to Bionic and Focal.
>
> [Test case]
> I ran xfstests that specifically target ext4, with the exception of ext4/054
> because it always crashes on both unpatched and patched Bionic and Focal
> kernels.
> Other than that, the test results are the same.
>
> [Potential regression]
> High. This needs to be reviewed very carefully.
>
> Jan Kara (1):
> ext4: fix check for block being out of directory size
>
> Lukas Czerner (1):
> ext4: check if directory block is within i_size
>
> fs/ext4/namei.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> --
> 2.39.2