oss-sec mailing list archives
Linux kernel: f2fs: out-of-bounds memory access bug
From: butt3rflyh4ck <butterflyhuangxx () gmail com>
Date: Mon, 29 Mar 2021 00:00:30 +0800
Hi, I reported an out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c and reproduce in 5.12.0-rc3. Now the patch is out and tested it in 5.12.0-rc4. Root Cause: the f2fs_flush_nat_entries() function is called during the checkpointing process, when it flush dirty nats in nat entry sets, it will call __flush_nat_entry_set(), but before call it,the legality of nids is not correctly tested. If the nids is out of range, may access out-of-bounds memory. Some details and Patch for this issue: https://www.mail-archive.com/linux-kernel () vger kernel org/msg2520013.html Now the patch is not available in upstream, CVE is not assigned. Now announced on oss-security () lists openwl com. This issue was discovered by the ADLab of venustech. Regards, butt3rflyh4ck.
Current thread:
- Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (Mar 28)