| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2024 13:43:24 +0200 From: Jan Kara <jack@...e.cz> To: cve@...nel.org, linux-kernel@...r.kernel.org Cc: linux-cve-announce@...r.kernel.org, Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: Re: CVE-2024-26774: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Hello! On Wed 03-04-24 19:31:41, Greg Kroah-Hartman wrote: > Description > =========== > > In the Linux kernel, the following vulnerability has been resolved: > > ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt > > Determine if bb_fragments is 0 instead of determining bb_free to eliminate > the risk of dividing by zero when the block bitmap is corrupted. > > The Linux kernel CVE team has assigned CVE-2024-26774 to this issue. I'd like to understand what is the imagined security threat fixed by this patch (as multiple patches of similar nature got assigned a CVE). The patch fixes a bug that if a corrupted filesystem is read-write mounted, we can do division-by-zero. Now if you can make the system mount a corrupted filesystem, you can do many interesting things to the system other than create a division by zero... So what is the presumed threat model here? Honza > Affected and fixed versions > =========================== > > Fixed in 5.15.150 with commit 687061cfaa2a > Fixed in 6.1.80 with commit 8b40eb2e716b > Fixed in 6.6.19 with commit f32d2a745b02 > Fixed in 6.7.7 with commit 8cf9cc602cfb > Fixed in 6.8 with commit 993bf0f4c393 > > Please see https://www.kernel.org for a full list of currently supported > kernel versions by the kernel community. > > Unaffected versions might change over time as fixes are backported to > older supported kernel versions. The official CVE entry at > https://cve.org/CVERecord/?id=CVE-2024-26774 > will be updated if fixes are backported, please check that for the most > up to date information about this issue. > > > Affected files > ============== > > The file(s) affected by this issue are: > fs/ext4/mballoc.c > > > Mitigation > ========== > > The Linux kernel CVE team recommends that you update to the latest > stable kernel version for this, and many other bugfixes. Individual > changes are never tested alone, but rather are part of a larger kernel > release. Cherry-picking individual commits is not recommended or > supported by the Linux kernel community at all. If however, updating to > the latest release is impossible, the individual changes to resolve this > issue can be found at these commits: > https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4 > https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150 > https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a > https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3 > https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b -- Jan Kara <jack@...e.com> SUSE Labs, CR
Powered by blists - more mailing lists