[SRU Focal, Bionic PATCH 0/2] CVE-2022-1184
Cengiz Can
cengiz.can at canonical.com
Wed May 17 16:12:26 UTC 2023
[Impact]
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the
Linux kernel’s filesystem sub-component. This flaw allows a local attacker with
a user privilege to cause a denial of service.
[Fix]
This was tricky. I had to dive deep into other vendors' bugzillas and irc
channels to verify if the patches were enough.
The fix consists of:
ext4: verify dir block before splitting it
ext4: avoid cycles in directory h-tree
ext4: check if directory block is within i_size
The following fixes one of the fixing commits:
ext4: fix check for block being out of directory size
The following was suggested to be included but I don't know the actual impact:
ext4: make sure ext4_append() always allocates new block
Out of these five commits, 3 were already in Bionic and Focal. I backported or
cherry-picked the missing 2 to Bionic and Focal.
[Test case]
I ran xfstests that specifically target ext4, with the exception of ext4/054
because it always crashes on both unpatched and patched Bionic and Focal kernels.
Other than that, the test results are the same.
[Potential regression]
High. This needs to be reviewed very carefully.
Jan Kara (1):
ext4: fix check for block being out of directory size
Lukas Czerner (1):
ext4: check if directory block is within i_size
fs/ext4/namei.c | 7 +++++++
1 file changed, 7 insertions(+)
--
2.39.2
More information about the kernel-team
mailing list