ext4: add validity checks for bitmap block numbers - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Theodore Ts'o <tytso@mit.edu>	2018-03-26 23:54:10 -0400
committer	Moyster <oysterized@gmail.com>	2018-12-02 00:00:49 +0100
commit	a8841746bc441079669314b912660d584f274dbd (patch)
tree	ec3baf045410624c58e09cc2050b4a739d890a9d /kernel/sysctl_binary.c
parent	fcb33641c55043c2f15304e86b195c017f4e57be (diff)

ext4: add validity checks for bitmap block numbers

commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f upstream. An privileged attacker can cause a crash by mounting a crafted ext4 image which triggers a out-of-bounds read in the function ext4_valid_block_bitmap() in fs/ext4/balloc.c. This issue has been assigned CVE-2018-1093. Backport notes: 3.18.y is missing commit 6a797d273783 ("ext4: call out CRC and corruption errors with specific error codes") so the EFSCORRUPTED label doesn't exist. Replaced all instances of EFSCORRUPTED with EUCLEAN since that's what 6a797d273783 defined it as. BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181 BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782 Reported-by: Wen Xu <wen.xu@gatech.edu> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org [harsh@prjkt.io: s/EFSCORRUPTED/EUCLEAN/ fs/ext4/balloc.c] Signed-off-by: Harsh Shandilya <harsh@prjkt.io> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'kernel/sysctl_binary.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: