[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Linux kernel: f2fs: out-of-bounds memory access bug
From:       butt3rflyh4ck <butterflyhuangxx () gmail ! com>
Date:       2021-03-28 16:00:30
Message-ID: CAFcO6XO2k=X2H24tg_GTgoTQMLv=0ajAyuyeK0YKgvqiM5vPWg () mail ! gmail ! com
[Download RAW message or body]

Hi,

I reported an out of bounds memory access bug in get_next_net_page()
in fs/f2fs/node.c and reproduce in 5.12.0-rc3. Now the patch is out
and tested it in 5.12.0-rc4.

Root Cause:
 the f2fs_flush_nat_entries()  function is called during the
checkpointing process,
when it flush dirty nats in nat entry sets, it will call
__flush_nat_entry_set(), but before call it,the legality of nids is
not correctly tested. If the nids is out of range, may access
out-of-bounds memory.

Some details and Patch for this issue:
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html
Now the patch is not available in upstream, CVE is not assigned.

Now announced on oss-security@lists.openwl.com.

This issue was discovered by the ADLab of venustech.

Regards,
 butt3rflyh4ck.
[prev in list] [next in list] [prev in thread] [next in thread]