| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024110821-CVE-2024-50202-d5c5@gregkh> Date: Fri, 8 Nov 2024 06:56:20 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() Description =========== In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together. The Linux kernel CVE team has assigned CVE-2024-50202 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 5.10.228 with commit c1d0476885d7 Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 5.15.169 with commit edf814605726 Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.1.114 with commit 270a6f9df35f Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.6.58 with commit 9698088ac770 Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.11.5 with commit efa810b15a25 Issue introduced in 2.6.30 with commit 2ba466d74ed7 and fixed in 6.12-rc4 with commit 08cfa12adf88 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-50202 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nilfs2/dir.c fs/nilfs2/namei.c fs/nilfs2/nilfs.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c1d0476885d708a932980b0f28cd90d9bd71db39 https://git.kernel.org/stable/c/edf8146057264191d5bfe5b91773f13d936dadd3 https://git.kernel.org/stable/c/270a6f9df35fa2aea01ec23770dc9b3fc9a12989 https://git.kernel.org/stable/c/9698088ac7704e260f492d9c254e29ed7dd8729a https://git.kernel.org/stable/c/efa810b15a25531cbc2f527330947b9fe16916e7 https://git.kernel.org/stable/c/08cfa12adf888db98879dbd735bc741360a34168
Powered by blists - more mailing lists