| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111342-maroon-untouched-02a8@gregkh> Date: Thu, 13 Nov 2025 12:37:53 -0500 From: Greg Kroah-Hartman <gregkh@...nel.org> To: David Sterba <dsterba@...e.cz> Cc: cve@...nel.org, linux-kernel@...r.kernel.org, linux-cve-announce@...r.kernel.org Subject: Re: CVE-2025-40128: btrfs: fix symbolic link reading when bs > ps On Thu, Nov 13, 2025 at 11:40:08AM +0100, David Sterba wrote: > On Wed, Nov 12, 2025 at 07:24:04PM +0900, Greg Kroah-Hartman wrote: > > From: Greg Kroah-Hartman <gregkh@...nel.org> > > > > Description > > =========== > > > > In the Linux kernel, the following vulnerability has been resolved: > > > > btrfs: fix symbolic link reading when bs > ps > > > > [BUG DURING BS > PS TEST] > > When running the following script on a btrfs whose block size is larger > > than page size, e.g. 8K block size and 4K page size, it will trigger a > > kernel BUG: > > > > # mkfs.btrfs -s 8k $dev > > # mount $dev $mnt > > # mkdir $mnt/dir > > # ln -s dir $mnt/link > > # ls $mnt/link > > Please drop the CVE status from this patch, the bs > ps (block size > bigger than page size) feature requires CONFIG_BTRFS_EXPERIMENTAL and is > unfinished and possibly unstable in other use cases. It does not make > sense to improve security where none should be expected. Oops, good catch, now rejected, thanks for the review! greg k-h
Powered by blists - more mailing lists