[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240417114324.c77wuw5hvjbm6ok5@quack3>
Date: Wed, 17 Apr 2024 13:43:24 +0200
From: Jan Kara <jack@...e.cz>
To: cve@...nel.org, linux-kernel@...r.kernel.org
Cc: linux-cve-announce@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: CVE-2024-26774: ext4: avoid dividing by 0 in
mb_update_avg_fragment_size() when block bitmap corrupt
Hello!
On Wed 03-04-24 19:31:41, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
>
> Determine if bb_fragments is 0 instead of determining bb_free to eliminate
> the risk of dividing by zero when the block bitmap is corrupted.
>
> The Linux kernel CVE team has assigned CVE-2024-26774 to this issue.
I'd like to understand what is the imagined security threat fixed by this
patch (as multiple patches of similar nature got assigned a CVE). The patch
fixes a bug that if a corrupted filesystem is read-write mounted, we can do
division-by-zero. Now if you can make the system mount a corrupted
filesystem, you can do many interesting things to the system other than
create a division by zero... So what is the presumed threat model here?
Honza
> Affected and fixed versions
> ===========================
>
> Fixed in 5.15.150 with commit 687061cfaa2a
> Fixed in 6.1.80 with commit 8b40eb2e716b
> Fixed in 6.6.19 with commit f32d2a745b02
> Fixed in 6.7.7 with commit 8cf9cc602cfb
> Fixed in 6.8 with commit 993bf0f4c393
>
> Please see https://www.kernel.org for a full list of currently supported
> kernel versions by the kernel community.
>
> Unaffected versions might change over time as fixes are backported to
> older supported kernel versions. The official CVE entry at
> https://cve.org/CVERecord/?id=CVE-2024-26774
> will be updated if fixes are backported, please check that for the most
> up to date information about this issue.
>
>
> Affected files
> ==============
>
> The file(s) affected by this issue are:
> fs/ext4/mballoc.c
>
>
> Mitigation
> ==========
>
> The Linux kernel CVE team recommends that you update to the latest
> stable kernel version for this, and many other bugfixes. Individual
> changes are never tested alone, but rather are part of a larger kernel
> release. Cherry-picking individual commits is not recommended or
> supported by the Linux kernel community at all. If however, updating to
> the latest release is impossible, the individual changes to resolve this
> issue can be found at these commits:
> https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4
> https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150
> https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a
> https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3
> https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists