[SRU Focal, Bionic PATCH 0/2] CVE-2022-1184

Cengiz Can cengiz.can at canonical.com
Wed May 17 16:12:26 UTC 2023


[Impact]
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the
Linux kernel’s filesystem sub-component. This flaw allows a local attacker with
a user privilege to cause a denial of service.

[Fix]
This was tricky. I had to dive deep into other vendors' bugzillas and irc
channels to verify if the patches were enough.

The fix consists of:
  ext4: verify dir block before splitting it
  ext4: avoid cycles in directory h-tree
  ext4: check if directory block is within i_size

The following fixes one of the fixing commits:
  ext4: fix check for block being out of directory size

The following was suggested to be included but I don't know the actual impact:
  ext4: make sure ext4_append() always allocates new block

Out of these five commits, 3 were already in Bionic and Focal. I backported or
cherry-picked the missing 2 to Bionic and Focal.

[Test case]
I ran xfstests that specifically target ext4, with the exception of ext4/054
because it always crashes on both unpatched and patched Bionic and Focal kernels.
Other than that, the test results are the same.

[Potential regression]
High. This needs to be reviewed very carefully.

Jan Kara (1):
  ext4: fix check for block being out of directory size

Lukas Czerner (1):
  ext4: check if directory block is within i_size

 fs/ext4/namei.c | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.39.2
