| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024110925-CVE-2024-50218-68cd@gregkh> Date: Sat, 9 Nov 2024 11:15:26 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-50218: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Description =========== In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater than ocfs2_max_inline_data_with_xattr return -EINVAL. The Linux kernel CVE team has assigned CVE-2024-50218 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 4.19.323 with commit 27d95867bee8 Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 5.4.285 with commit 95fbed8ae8c3 Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 5.10.229 with commit 70767689ec6e Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 5.15.171 with commit ecd62f684386 Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 6.1.116 with commit 2fe5d62e122b Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 6.6.60 with commit 88f97a4b5843 Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 6.11.7 with commit 0b6b8c205578 Issue introduced in 2.6.24 with commit 1afc32b95233 and fixed in 6.12-rc6 with commit bc0a2f3a73fc Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-50218 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ocfs2/file.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035 https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486 https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2 https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473 https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0
Powered by blists - more mailing lists