| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cover.thread-41c676.your-ad-here.call-01675030179-ext-9637@work.hours>
Date: Sun, 29 Jan 2023 23:47:20 +0100
From: Vasily Gorbik <gor@...ux.ibm.com>
To: Heiko Carstens <hca@...ux.ibm.com>,
Alexander Egorenkov <egorenar@...ux.ibm.com>
Cc: Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
Nick Terrell <terrelln@...com>, linux-s390@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-mips@...r.kernel.org
Subject: [PATCH 0/1] s390: fix initrd corruption in decompressor with new
zstd version
The new version of zstd library integrated in the kernel since v6.2-rc1
https://lore.kernel.org/all/20221024202606.404049-1-nickrterrell@gmail.com/
contains commit
https://github.com/facebook/zstd/commit/6a7ede3dfccb
which introduces a side effect for historical usage of __decompress() function,
i.e. not specifying "out_len" parameter and expecting that no writes beyond
uncompressed kernel image are performed. More details are in follow up fix.
>From architectures which claim HAVE_KERNEL_ZSTD, s390 and MIPS use
__decompress() without specifying "out_len". On s390 this leads to
initrd corruption.
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003348
I haven't looked in details for MIPS but I've added Thomas as the
maintainer and MIPS list in Cc.
The follow up fix addresses that for s390.
Vasily Gorbik (1):
s390/decompressor: specify __decompress() buf len to avoid overflow
arch/s390/boot/decompressor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.38.1
Powered by blists - more mailing lists