ghsa-3j4f-wx4w-q2cq
Vulnerability from github
Published
2024-02-22 18:30
Modified
2024-03-18 18:32
Severity
5.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix inconsistent per-file compression format

EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization.

However, syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA algorithmtype even it's not set in sbi->available_compr_algs. This can lead to an unexpected "BUG: kernel NULL pointer dereference" if the corresponding decompressor isn't built-in.

Fix this by checking against sbi->available_compr_algs for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-26590"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-22T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inconsistent per-file compression format\n\nEROFS can select compression algorithms on a per-file basis, and each\nper-file compression algorithm needs to be marked in the on-disk\nsuperblock for initialization.\n\nHowever, syzkaller can generate inconsistent crafted images that use\nan unsupported algorithmtype for specific inodes, e.g. use MicroLZMA\nalgorithmtype even it\u0027s not set in `sbi-\u003eavailable_compr_algs`.  This\ncan lead to an unexpected \"BUG: kernel NULL pointer dereference\" if\nthe corresponding decompressor isn\u0027t built-in.\n\nFix this by checking against `sbi-\u003eavailable_compr_algs` for each\nm_algorithmformat request.  Incorrect !erofs_sb_has_compr_cfgs preset\nbitmap is now fixed together since it was harmless previously.",
  "id": "GHSA-3j4f-wx4w-q2cq",
  "modified": "2024-03-18T18:32:18Z",
  "published": "2024-02-22T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26590"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.