| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024061915-CVE-2021-47579-4f78@gregkh>
Date: Wed, 19 Jun 2024 16:54:18 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2021-47579: ovl: fix warning in ovl_create_real()
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ovl: fix warning in ovl_create_real()
Syzbot triggered the following warning in ovl_workdir_create() ->
ovl_create_real():
if (!err && WARN_ON(!newdentry->d_inode)) {
The reason is that the cgroup2 filesystem returns from mkdir without
instantiating the new dentry.
Weird filesystems such as this will be rejected by overlayfs at a later
stage during setup, but to prevent such a warning, call ovl_mkdir_real()
directly from ovl_workdir_create() and reject this case early.
The Linux kernel CVE team has assigned CVE-2021-47579 to this issue.
Affected and fixed versions
===========================
Fixed in 4.19.222 with commit 445d2dc63e58
Fixed in 5.4.168 with commit f9f300a92297
Fixed in 5.10.88 with commit 6859985a2fbd
Fixed in 5.15.11 with commit d2ccdd4e4efa
Fixed in 5.16 with commit 1f5573cfe7a7
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2021-47579
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/overlayfs/dir.c
fs/overlayfs/overlayfs.h
fs/overlayfs/super.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8
https://git.kernel.org/stable/c/f9f300a92297be8250547347fd52216ef0177ae0
https://git.kernel.org/stable/c/6859985a2fbda5d1586bf44538853e1be69e85f7
https://git.kernel.org/stable/c/d2ccdd4e4efab06178608a34d7bfb20a54104c02
https://git.kernel.org/stable/c/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c
Powered by blists - more mailing lists