ACK: [SRU Focal, Bionic PATCH 0/2] CVE-2022-1184
Andrei Gherzan
andrei.gherzan at canonical.com
Thu May 18 14:42:55 UTC 2023
On 23/05/17 07:12PM, Cengiz Can wrote:
> [Impact]
> A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the
> Linux kernel’s filesystem sub-component. This flaw allows a local attacker with
> a user privilege to cause a denial of service.
>
> [Fix]
> This was tricky. I had to dive deep into other vendors' bugzillas and irc
> channels to verify if the patches were enough.
>
> The fix consists of:
> ext4: verify dir block before splitting it
> ext4: avoid cycles in directory h-tree
> ext4: check if directory block is within i_size
>
> The following fixes one of the fixing commits:
> ext4: fix check for block being out of directory size
>
> The following was suggested to be included but I don't know the actual impact:
> ext4: make sure ext4_append() always allocates new block
>
> Out of these five commits, 3 were already in Bionic and Focal. I backported or
> cherry-picked the missing 2 to Bionic and Focal.
>
> [Test case]
> I ran xfstests that specifically target ext4, with the exception of ext4/054
> because it always crashes on both unpatched and patched Bionic and Focal kernels.
> Other than that, the test results are the same.
>
> [Potential regression]
> High. This needs to be reviewed very carefully.
>
> Jan Kara (1):
> ext4: fix check for block being out of directory size
>
> Lukas Czerner (1):
> ext4: check if directory block is within i_size
>
> fs/ext4/namei.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> --
> 2.39.2
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230518/8a21dc1a/attachment.sig>
More information about the kernel-team
mailing list