List: oss-security
Subject: [oss-security] Linux kernel: f2fs: out-of-bounds memory access bug
From: butt3rflyh4ck <butterflyhuangxx () gmail ! com>
Date: 2021-03-28 16:00:30
Message-ID: CAFcO6XO2k=X2H24tg_GTgoTQMLv=0ajAyuyeK0YKgvqiM5vPWg () mail ! gmail ! com
Hi,
I reported an out-of-bounds memory access bug in get_next_net_page()
in fs/f2fs/node.c and reproduced it in 5.12.0-rc3. Now the patch is out
and I tested it in 5.12.0-rc4.

Root Cause:
The f2fs_flush_nat_entries() function is called during the
checkpointing process.
When it flushes dirty nats in nat entry sets, it will call
__flush_nat_entry_set(), but before calling it, the legality of nids is
not correctly tested. If the nids are out of range, it may access
out-of-bounds memory.
Some details and Patch for this issue:
https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html
Now the patch is not available in upstream, and a CVE is not assigned.
Now announced on oss-security@lists.openwl.com.
This issue was discovered by the ADLab of venustech.
Regards,
butt3rflyh4ck.
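
The class of bug described in the message above, as a simplified user-space model (an added example, not the f2fs code and not the patch): a flush routine that range-checks each nid before the nid is used to index a table and a bitmap. All names, sizes and sample values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: names and sizes are assumptions, not f2fs code. */
#define ENTRIES_PER_BLOCK 455u
#define NAT_BLOCKS        4u
#define MAX_NID           (ENTRIES_PER_BLOCK * NAT_BLOCKS)   /* 1820 */

struct nat_table {
    uint8_t  block_bitmap[(NAT_BLOCKS + 7) / 8]; /* one bit per table block */
    uint32_t blkaddr[MAX_NID];                   /* one slot per nid */
};
struct dirty_entry { uint32_t nid, blkaddr; };

/* Both indexes below derive from nid, so nid must be range-checked first. */
static void flush_entry(struct nat_table *t, const struct dirty_entry *e)
{
    uint32_t block = e->nid / ENTRIES_PER_BLOCK;
    t->block_bitmap[block / 8] |= (uint8_t)(1u << (block % 8));
    t->blkaddr[e->nid] = e->blkaddr;
}

/* Flush a dirty set, skipping out-of-range nids; returns how many were skipped. */
int flush_dirty_set(struct nat_table *t, const struct dirty_entry *set,
                    size_t n, size_t *flushed)
{
    int rejected = 0;
    *flushed = 0;
    for (size_t i = 0; i < n; i++) {
        if (set[i].nid >= MAX_NID) { rejected++; continue; }
        flush_entry(t, &set[i]);
        (*flushed)++;
    }
    return rejected;
}

/* Constructed sample: two valid nids, one equal to MAX_NID, one far beyond. */
int demo(size_t *flushed)
{
    static struct nat_table t;
    const struct dirty_entry set[] = {
        {5, 100}, {1000, 200}, {MAX_NID, 300}, {0xFFFFFFFFu, 400},
    };
    return flush_dirty_set(&t, set, sizeof set / sizeof set[0], flushed);
}

int main(void)
{
    size_t flushed;
    int rejected = demo(&flushed);
    printf("flushed=%zu rejected=%d\n", flushed, rejected);
    return 0;
}
```

Without the range check in flush_dirty_set(), the last two sample entries would write past both arrays, which is the out-of-bounds access pattern the report describes.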