On 2018-05-14 08:17:52 , Greg KH wrote: > On Mon, May 14, 2018 at 01:27:13AM -0400, Khalid Elmously wrote: > > From: Theodore Ts'o <tytso@xxxxxxx> > > > > CVE-2018-1092 > > > > If the root directory has an i_links_count of zero, then when the file > > system is mounted, then when ext4_fill_super() notices the problem and > > tries to call iput() the root directory in the error return path, > > ext4_evict_inode() will try to free the inode on disk, before all of > > the file system structures are set up, and this will result in an OOPS > > caused by a NULL pointer dereference. > > > > This issue has been assigned CVE-2018-1092. > > > > https://bugzilla.kernel.org/show_bug.cgi?id=199179 > > https://bugzilla.redhat.com/show_bug.cgi?id=1560777 > > > > Reported-by: Wen Xu <wen.xu@xxxxxxxxxx> > > Signed-off-by: Theodore Ts'o <tytso@xxxxxxx> > > Cc: stable@xxxxxxxxxxxxxxx > > (cherry-picked from 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44) > > Signed-off-by: Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx> > > --- > > fs/ext4/inode.c | 6 ++++++ > > 1 file changed, 6 insertions(+) > > Any specific reason you sent a patch that is already included in all of > the active stable trees, to the stable mailing list? Well I thought why not apply the patch again for _extra_ protection? > > And nice fuzzymail address :) Thanks :) Seriously though: I mis-used git-send-email while sending a test patch to myself and ended up CC'ing the stable ML - apologies for the spam. > > greg k-h Khalid