ACK: [SRU Focal, Bionic PATCH 0/2] CVE-2022-1184

Tim Gardner tim.gardner at canonical.com
Tue May 23 13:15:37 UTC 2023


On 5/17/23 10:12 AM, Cengiz Can wrote:
> [Impact]
> A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the
> Linux kernel’s filesystem sub-component. This flaw allows a local attacker with
> a user privilege to cause a denial of service.
> 
> [Fix]
> This was tricky. I had to dive deep into other vendors' bugzillas and IRC
> channels to verify if the patches were enough.
> 
> The fix consists of:
>    ext4: verify dir block before splitting it
>    ext4: avoid cycles in directory h-tree
>    ext4: check if directory block is within i_size
> 
> The following fixes one of the fixing commits:
>    ext4: fix check for block being out of directory size
> 
> The following was suggested to be included but I don't know the actual impact:
>    ext4: make sure ext4_append() always allocates new block
> 
> Out of these five commits, 3 were already in Bionic and Focal. I backported or
> cherry-picked the missing 2 to Bionic and Focal.
> 
> [Test case]
> I ran xfstests that specifically target ext4, with the exception of ext4/054
> because it always crashes on both unpatched and patched Bionic and Focal kernels.
> Other than that, the test results are the same.
> 
> [Potential regression]
> High. This needs to be reviewed very carefully.
> 
> Jan Kara (1):
>    ext4: fix check for block being out of directory size
> 
> Lukas Czerner (1):
>    ext4: check if directory block is within i_size
> 
>   fs/ext4/namei.c | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc