[SRU][OEM-5.14/OEM-5.17/OEM-6.0][PATCH 0/2] CVE-2023-26607

Yuxuan Luo yuxuan.luo at canonical.com
Tue Mar 21 21:55:32 UTC 2023


[Impact]
In NTFS/, an assignment to a variable is done without a proper sanity check,
resulting in a potential out-of-bounds vulnerability.

[Backport]
Prior to this fix there was a flawed fix,
38c9c22a85aeed28d0831f230136e9cf6fa2ed44; it lacks a sanity check for
variable a before the name_end assignment. However, cherry-picking this commit
allows for two clean cherry-picks, so including it is preferable in this case.
For OEM-5.14 and OEM-5.17, the first commit is required; however, for OEM-6.0,
the first one has already been included in the tree, so only the fix commit is
needed.

[Test]
Compile and boot tested.

TODO: test against PoC
https://gist.github.com/oswalpalash/cb298c137f3dbfb95a609671a61103fb

[Potential Regression]
Expecting a low risk of regression because the underlying logic remains the same
but with an additional layer of checking.

Hawkins Jiawei (1):
  ntfs: fix out-of-bounds read in ntfs_attr_find()

 fs/ntfs/attrib.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

-- 
2.34.1



