Message-ID: <2024081731-CVE-2024-43845-a85d@gregkh>
Date: Sat, 17 Aug 2024 11:22:49 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename()

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

udf: Fix bogus checksum computation in udf_rename()

Syzbot reports uninitialized memory access in udf_rename() when updating
checksum of '..' directory entry of a moved directory. This is indeed
true as we pass on-stack diriter.fi to the udf_update_tag() and because
that has only struct fileIdentDesc included in it and not the impUse or
name fields, the checksumming function is going to checksum random stack
contents beyond the end of the structure. This is actually harmless
because the following udf_fiiter_write_fi() will recompute the checksum
from on-disk buffers where everything is properly included. So all that
is needed is just removing the bogus calculation.

The Linux kernel CVE team has assigned CVE-2024-43845 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 6.3 with commit e9109a92d2a9 and fixed in 6.6.44 with commit fe2ead240c31
	Issue introduced in 6.3 with commit e9109a92d2a9 and fixed in 6.10.3 with commit 40d7b3ed5244
	Issue introduced in 6.3 with commit e9109a92d2a9 and fixed in 6.11-rc1 with commit 27ab33854873

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2024-43845
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	fs/udf/namei.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab
	https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4
	https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c
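
The failure mode described in the commit message, as an added example that is neither kernel code nor part of the original announcement: a simplified model in which the checksum length comes from the entry's own length fields, so a header-only copy has to be refused instead of read past. The names struct fid_fixed, crc16, fid_declared_len and fid_update_crc and the field layout are assumptions made for illustration, not the real struct fileIdentDesc or udf_update_tag().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model (assumption): fixed header, then impUse and name bytes. */
struct fid_fixed {
    uint16_t crc;        /* checksum over everything after this field */
    uint16_t impuse_len; /* bytes of impUse following the header */
    uint8_t  name_len;   /* bytes of name following impUse */
    uint8_t  reserved[3];
};

/* CRC-16 with polynomial 0x1021 and initial value 0, computed bitwise. */
uint16_t crc16(const uint8_t *p, size_t n)
{
    uint16_t crc = 0;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x8000) ? (uint16_t)((crc << 1) ^ 0x1021)
                                 : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Length the entry declares for itself: header plus variable-length tail. */
size_t fid_declared_len(const struct fid_fixed *h)
{
    return sizeof(*h) + h->impuse_len + h->name_len;
}

/*
 * Recompute the checksum in place. Returns 0 on success, -1 when the entry
 * declares more bytes than the caller's buffer holds, which is the case of
 * a header-only copy on the stack.
 */
int fid_update_crc(void *buf, size_t buf_size)
{
    struct fid_fixed h;
    uint8_t *b = buf;

    if (buf_size < sizeof(h))
        return -1;
    memcpy(&h, b, sizeof(h));            /* avoid unaligned access */
    if (fid_declared_len(&h) > buf_size)
        return -1;                       /* tail is not in this buffer */
    h.crc = crc16(b + sizeof(h.crc), fid_declared_len(&h) - sizeof(h.crc));
    memcpy(b, &h, sizeof(h));
    return 0;
}
```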