| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 15:30:03 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: Jan Kara <jack@...e.cz> Cc: cve@...nel.org, linux-kernel@...r.kernel.org, linux-cve-announce@...r.kernel.org Subject: Re: CVE-2024-26774: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt On Wed, Apr 17, 2024 at 01:43:24PM +0200, Jan Kara wrote: > Hello! > > On Wed 03-04-24 19:31:41, Greg Kroah-Hartman wrote: > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt > > > > Determine if bb_fragments is 0 instead of determining bb_free to eliminate > > the risk of dividing by zero when the block bitmap is corrupted. > > > > The Linux kernel CVE team has assigned CVE-2024-26774 to this issue. > > I'd like to understand what is the imagined security threat fixed by this > patch (as multiple patches of similar nature got assigned a CVE). The patch > fixes a bug that if a corrupted filesystem is read-write mounted, we can do > division-by-zero. Now if you can make the system mount a corrupted > filesystem, you can do many interesting things to the system other than > create a division by zero... So what is the presumed threat model here? Exactly what you said, "if you mount a corrupted file system, you will get a divide by zero fault." Many systems auto-mount any filesystem plugged into it. If yours do not, then yours does not need to worry about this type of CVE. thanks, greg k-h
Powered by blists - more mailing lists