ACK: [SRU][M][PATCH 0/1] CVE-2024-25739
Philip Cox
philip.cox at canonical.com
Wed Jun 12 12:32:20 UTC 2024
On Fri, 2024-06-07 at 14:41 -0500, Bethany Jamison wrote:
> [Impact]
>
> ubi: Check for too small LEB size in VTBL code
>
> If the LEB size is smaller than a volume table record we cannot
> have volumes.
> In this case abort attaching.
>
> create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through
> 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing
> check for ubi->leb_size.
>
> [Fix]
>
> Noble: pending
> Mantic: Clean cherry-pick from linux-6.6.y
> Jammy: pending
> Focal: fixed via stable
> Bionic: fix sent to esm ML
> Xenial: fix sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested
>
> [Where problems could occur]
>
> This fix affects those who use the UBI volume table (vtbl);
> an issue with this fix would be visible to the user via a
> system crash.
>
> Richard Weinberger (1):
> ubi: Check for too small LEB size in VTBL code
>
> drivers/mtd/ubi/vtbl.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> --
> 2.34.1
>
>
--
Acked-by: Philip Cox <philip.cox at canonical.com>