Re: [CVE-2018-1092][T/X/A/B/C] ext4: fail ext4_iget for root directory if unallocated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2018-05-14 08:17:52 , Greg KH wrote:
> On Mon, May 14, 2018 at 01:27:13AM -0400, Khalid Elmously wrote:
> > From: Theodore Ts'o <tytso@xxxxxxx>
> > 
> > CVE-2018-1092
> > 
> > If the root directory has an i_links_count of zero, then when the file
> > system is mounted, then when ext4_fill_super() notices the problem and
> > tries to call iput() the root directory in the error return path,
> > ext4_evict_inode() will try to free the inode on disk, before all of
> > the file system structures are set up, and this will result in an OOPS
> > caused by a NULL pointer dereference.
> > 
> > This issue has been assigned CVE-2018-1092.
> > 
> > https://bugzilla.kernel.org/show_bug.cgi?id=199179
> > https://bugzilla.redhat.com/show_bug.cgi?id=1560777
> > 
> > Reported-by: Wen Xu <wen.xu@xxxxxxxxxx>
> > Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
> > Cc: stable@xxxxxxxxxxxxxxx
> > (cherry-picked from 8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44)
> > Signed-off-by: Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>
> > ---
> >  fs/ext4/inode.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> 
> Any specific reason you sent a patch that is already included in all of
> the active stable trees, to the stable mailing list?

Well I thought why not apply the patch again for _extra_ protection?

> 
> And nice fuzzymail address :)

Thanks :)



Seriously though: I mis-used git-send-email while sending a test patch to myself and ended up CC'ing the stable ML - apologies for the spam.

> 
> greg k-h

Khalid



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux