[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240801145925.2990-2-ailiop@suse.com>
Date: Thu, 1 Aug 2024 16:59:26 +0200
From: Anthony Iliopoulos <ailiop@...e.com>
To: gregkh@...uxfoundation.org,
Mike Marshall <hubcap@...ibond.com>,
cve@...nel.org,
linux-kernel@...r.kernel.org
Cc: linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2024-42143: orangefs: fix out-of-bounds fsid access
On Tue, Jul 30, 2024 at 09:48:01AM +0200, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> orangefs: fix out-of-bounds fsid access
>
> Arnd Bergmann sent a patch to fsdevel, he says:
>
> "orangefs_statfs() copies two consecutive fields of the superblock into
> the statfs structure, which triggers a warning from the string fortification
> helpers"
>
> Jan Kara suggested an alternate way to do the patch to make it more readable.
>
> I ran both ideas through xfstests and both seem fine. This patch
> is based on Jan Kara's suggestion.
>
> The Linux kernel CVE team has assigned CVE-2024-42143 to this issue.
I think this one needs to be disputed as there was no actual out of
bounds access. The fix is basically just silencing the string
fortification warning which was due to:
memcpy(&buf->f_fsid, &ORANGEFS_SB(sb)->fs_id, sizeof(buf->f_fsid));
and fortify-string complaining as it detects that memory beyond
sb->fs_id is going to be accessed, which was intentional:
struct orangefs_sb_info_s {
[...]
__s32 fs_id;
int id;
[...]
};
The fix simply made the fs_id and id fields assignment explicit so as to
avoid the warning.
Mike, could you confirm that this should not be a CVE?
Regards,
Anthony
Powered by blists - more mailing lists