ACK: [SRU][OEM-5.14/OEM-5.17/OEM-6.0][PATCH 0/2] CVE-2023-26607
Tim Gardner
tim.gardner at canonical.com
Wed Mar 22 12:54:15 UTC 2023
On 3/21/23 3:55 PM, Yuxuan Luo wrote:
> [Impact]
> In NTFS/, an assignment to a variable is done without proper sanity check,
> resulting in potential out-of-bounds vulnerability.
>
> [Backport]
> Prior to this fix there was an flawed fix
> 38c9c22a85aeed28d0831f230136e9cf6fa2ed44, it lacks sanity check for
> variable a before name_end assignment. However, cherry picking this commit
> allows for two clean cherry pick, so including it is preferable in this case.
> For OEM-5.14 and OEM-5.17, the first commit is required; however, for OEM-6.0,
> the first one has already been included in the tree, only the fix commit is
> needed.
>
> [Test]
> Compile and boot tested.
>
> TODO: test against PoC
> https://gist.github.com/oswalpalash/cb298c137f3dbfb95a609671a61103fb
>
> [Potential Regression]
> Expecting low risk of regression because the underlying logic remains the same
> but with additional layer of check.
>
> Hawkins Jiawei (1):
> ntfs: fix out-of-bounds read in ntfs_attr_find()
>
> fs/ntfs/attrib.c | 20 ++++++++++++++++----
> 1 file changed, 16 insertions(+), 4 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list