Message-ID: <2024110821-CVE-2024-50202-d5c5@gregkh>
Date: Fri, 8 Nov 2024 06:56:20 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry()

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: propagate directory read errors from nilfs_find_entry()

Syzbot reported that a task hang occurs in vcs_open() during a fuzzing
test for nilfs2.

The root cause of this problem is that nilfs_find_entry(), which
searches for directory entries, ignores errors when loading a directory
page/folio via nilfs_get_folio() fails.

If the filesystem image is corrupted, and the i_size of the directory
inode is large, and the directory page/folio is successfully read but
fails the sanity check, for example when it is zero-filled,
nilfs_check_folio() may continue to spit out error messages in bursts.

Fix this issue by propagating the error to the callers when loading a
page/folio fails in nilfs_find_entry().

The current interface of nilfs_find_entry() and its callers is outdated
and cannot propagate error codes such as -EIO and -ENOMEM returned via
nilfs_find_entry(), so fix it together.

The Linux kernel CVE team has assigned CVE-2024-50202 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 5.10.228 with commit c1d0476885d7
	Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 5.15.169 with commit edf814605726
	Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.1.114 with commit 270a6f9df35f
	Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.6.58 with commit 9698088ac770
	Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.11.5 with commit efa810b15a25
	Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.12-rc4 with commit 08cfa12adf88

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50202
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	fs/nilfs2/dir.c
	fs/nilfs2/namei.c
	fs/nilfs2/nilfs.h

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39
	https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3
	https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989
	https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a
	https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7
	https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168
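
The failure mode in the Description, reduced to a userspace C model. This is an added illustration, not code from the kernel patch or from this announcement. All names (toy_get_page, toy_find, disk, log_msgs), the 64-byte page size and the all-zero image are constructed assumptions; the real lookup in fs/nilfs2/dir.c differs in detail.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SZ 64   /* toy page size (assumption, not the kernel's) */
#define NPAGES  1000 /* pages implied by the constructed, oversized i_size */

static unsigned char disk[NPAGES * PAGE_SZ]; /* constructed image: zero-filled */
static unsigned long log_msgs;               /* error messages emitted by a lookup */

/* Load page n and sanity-check it; a zero-filled page fails with -EIO. */
static int toy_get_page(size_t n, const unsigned char **out)
{
    static const unsigned char zero[PAGE_SZ];
    const unsigned char *p = disk + n * PAGE_SZ;
    if (memcmp(p, zero, PAGE_SZ) == 0) {
        log_msgs++;             /* stands in for the sanity check's error output */
        return -EIO;
    }
    *out = p;
    return 0;
}

/* Each valid toy page holds one NUL-terminated name at offset 0. */
static int toy_find(const char *name, size_t i_size, int propagate)
{
    const unsigned char *p = NULL;
    size_t n;
    log_msgs = 0;
    for (n = 0; n < i_size / PAGE_SZ; n++) {
        int err = toy_get_page(n, &p);
        if (err && propagate)
            return err;         /* fixed: caller sees -EIO at the first bad page */
        if (err)
            continue;           /* old: error dropped, every page gets scanned */
        if (strcmp((const char *)p, name) == 0)
            return (int)n;      /* found: index of the page holding the entry */
    }
    return -ENOENT;             /* old path reports a corrupt dir as "not found" */
}

int main(void)
{
    int ret = toy_find("file.txt", sizeof(disk), 0);
    printf("old:   ret=%d msgs=%lu\n", ret, log_msgs);
    ret = toy_find("file.txt", sizeof(disk), 1);
    printf("fixed: ret=%d msgs=%lu\n", ret, log_msgs);
    return 0;
}
```

In the model, the error-ignoring lookup emits one message per page implied by i_size and then reports -ENOENT, while the propagating lookup stops at the first failed page and returns -EIO.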