Hi, there is a patch for this issue. https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@xxxxxxxxxxx/T/#u On Tue, Aug 16, 2022 at 3:36 PM John Haxby <john.haxby@xxxxxxxxxx> wrote: > > > > > On 15 Aug 2022, at 11:56, 许嘉诚 <stitch@xxxxxxxxxx> wrote: > > > > Hi developers, > > > > We may found a flaw in the fs module which can lead to UAF write or DoS. > > We would appreciate a CVE ID if this is a security issue. > > > > Confirming that your message made it through to linux-distros, but you haven't mentioned a date when this would be made public. However, > > > Someone found the similar problem: https://groups.google.com/g/syzkaller-bugs/c/z2WroC3_BSw. > > > > Fix this bug by moving the assignment of inode->i_private before security_inode_alloc. > > There's already a public discussion about that and if, indeed, that's the same bug then you should take this to oss-security as simply a rediscovery of an existing bug. > > I'll leave it to Red Hat to decide whether to allocate a CVE number for this issue. It needs significant privileges to exploit it; the only real question is whether you could use those privileges to crash the machine anyway. > > jch > > -- > You received this message because you are subscribed to the Google Groups "syzkaller" group. > To unsubscribe from this group and stop receiving emails from it, send an email to syzkaller+unsubscribe@xxxxxxxxxxxxxxxx. > To view this discussion on the web visit https://groups.google.com/d/msgid/syzkaller/8C0C088A-11A4-4D0E-93B9-CA70F0040341%40oracle.com. -- Active Defense Lab of Venustech
