| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200609065018.26378-1-bvikas@vmware.com>
Date: Tue, 9 Jun 2020 12:20:16 +0530
From: Vikash Bansal <bvikas@...are.com>
To: <gregkh@...uxfoundation.org>
CC: <stable@...r.kernel.org>, <srivatsab@...are.com>,
<srivatsa@...il.mit.edu>, <amakhalov@...are.com>,
<srinidhir@...are.com>, <bvikas@...are.com>, <anishs@...are.com>,
<vsirnapalli@...are.com>, <akaher@...are.com>, <clm@...com>,
<josef@...icpanda.com>, <dsterba@...e.com>,
<anand.jain@...cle.com>, <linux-btrfs@...r.kernel.org>,
<linux-kernel@...r.kernel.org>
Subject: [PATCH v4.19.y 0/2] btrfs: Fix for CVE-2019-18885
CVE Description:
NVD Site Link: https://nvd.nist.gov/vuln/detail?vulnId=CVE-2019-18885
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash).
[PATCH v4.19.y 1/2]:
Backporting of upsream commit 09ba3bc9dd15:
btrfs: merge btrfs_find_device and find_device
[PATCH v4.19.y 2/2]:
Backporting of upstream commit 62fdaa52a3d0:
btrfs: Detect unbalanced tree with empty leaf before crashing
On NVD site link of "commit 09ba3bc9dd150457c506e4661380a6183af651c1"
was given as the fix for this CVE. But the issue was still reproducible.
So had to apply patch "Commit 62fdaa52a3d00a875da771719b6dc537ca79fce1"
to fix the issue.
Powered by blists - more mailing lists