On Fri, Jan 03, 2025 at 03:37:31PM +0800, cheung wall wrote:
> Hello,
>
> I am writing to report a potential vulnerability identified in the
> Linux Kernel version 5.15.169. This issue was discovered using our
> custom vulnerability discovery tool.
Do you have a reproducer? If I had to guess, this was caused by a
maliciously fuzzed file system where the quota file was placed on the
orphaned file list. We have checks for the more modern quota file
support (see the checks for EXT4_IGET_SPECIAL in fs/ext4/inode.c's
__ext4_iget() function), even for antedeluvian kernel versions such as
5.15, however so that's not it.
In any case, with a crazy old kernel version, and no reproducer, it's
not something we're likely to waste any time on.
- Ted
