[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2024082246-canister-freehand-fc84@gregkh>
Date: Thu, 22 Aug 2024 08:01:55 +0800
From: Greg KH <gregkh@...uxfoundation.org>
To: Anthony Iliopoulos <ailiop@...e.com>
Cc: Mike Marshall <hubcap@...ibond.com>, cve@...nel.org,
linux-kernel@...r.kernel.org, linux-cve-announce@...r.kernel.org
Subject: Re: CVE-2024-42143: orangefs: fix out-of-bounds fsid access
On Thu, Aug 01, 2024 at 04:59:26PM +0200, Anthony Iliopoulos wrote:
> On Tue, Jul 30, 2024 at 09:48:01AM +0200, Greg Kroah-Hartman wrote:
> > Description
> > ===========
> >
> > In the Linux kernel, the following vulnerability has been resolved:
> >
> > orangefs: fix out-of-bounds fsid access
> >
> > Arnd Bergmann sent a patch to fsdevel, he says:
> >
> > "orangefs_statfs() copies two consecutive fields of the superblock into
> > the statfs structure, which triggers a warning from the string fortification
> > helpers"
> >
> > Jan Kara suggested an alternate way to do the patch to make it more readable.
> >
> > I ran both ideas through xfstests and both seem fine. This patch
> > is based on Jan Kara's suggestion.
> >
> > The Linux kernel CVE team has assigned CVE-2024-42143 to this issue.
>
> I think this one needs to be disputed as there was no actual out of
> bounds access. The fix is basically just silencing the string
> fortification warning which was due to:
>
> memcpy(&buf->f_fsid, &ORANGEFS_SB(sb)->fs_id, sizeof(buf->f_fsid));
>
> and fortify-string complaining as it detects that memory beyond
> sb->fs_id is going to be accessed, which was intentional:
>
> struct orangefs_sb_info_s {
> [...]
> __s32 fs_id;
> int id;
> [...]
> };
>
> The fix simply made the fs_id and id fields assignment explicit so as to
> avoid the warning.
>
> Mike, could you confirm that this should not be a CVE?
Sorry for the delay, now rejected.
greg k-h
Powered by blists - more mailing lists