| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKYAXd-OSYg3fVoxDKVQm6r2kQDJuR-UfL26_ijoCPMsxX=L8Q@mail.gmail.com> Date: Wed, 15 Oct 2025 14:39:42 +0900 From: Namjae Jeon <linkinjeon@...nel.org> To: Jaehun Gou <p22gone@...il.com> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Seunghun Han <kkamagui@...il.com>, Jihoon Kwon <jimmyxyz010315@...il.com> Subject: Re: [PATCH] fs: exfat: fix improper check of dentry.stream.valid_size On Tue, Oct 14, 2025 at 10:02 PM Jaehun Gou <p22gone@...il.com> wrote: > > We found an infinite loop bug in the exFAT file system that can lead to a > Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is > malformed, the following system calls — SYS_openat, SYS_ftruncate, and > SYS_pwrite64 — can cause the kernel to hang. > > Root cause analysis shows that the size validation code in exfat_find() > does not check whether dentry.stream.valid_size is negative. As a result, > the system calls mentioned above can succeed and eventually trigger the DoS > issue. > > This patch adds a check for negative dentry.stream.valid_size to prevent > this vulnerability. > > Co-developed-by: Seunghun Han <kkamagui@...il.com> > Signed-off-by: Seunghun Han <kkamagui@...il.com> > Co-developed-by: Jihoon Kwon <jimmyxyz010315@...il.com> > Signed-off-by: Jihoon Kwon <jimmyxyz010315@...il.com> > Signed-off-by: Jaehun Gou <p22gone@...il.com> Applied it to #dev. Thanks!
Powered by blists - more mailing lists