oss-sec mailing list archives
Re: Linux kernel: f2fs: out-of-bounds memory access bug
From: butt3rflyh4ck <butterflyhuangxx () gmail com>
Date: Sat, 8 May 2021 14:32:45 +0800
Hi, RedHat has assigned CVE-2021-3506 to this issue. Regards, butt3rflyh4ck. On Sat, May 8, 2021 at 12:24 AM butt3rflyh4ck <butterflyhuangxx () gmail com> wrote:
The patch is for this issue in upstream linux: https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev&id=b862676e371715456c9dade7990c8004996d0d9e Regards, butt3rflyh4ck. On Mon, Mar 29, 2021 at 12:00 AM butt3rflyh4ck <butterflyhuangxx () gmail com> wrote:Hi, I reported an out of bounds memory access bug in get_next_net_page() in fs/f2fs/node.c and reproduce in 5.12.0-rc3. Now the patch is out and tested it in 5.12.0-rc4. Root Cause: the f2fs_flush_nat_entries() function is called during the checkpointing process, when it flush dirty nats in nat entry sets, it will call __flush_nat_entry_set(), but before call it,the legality of nids is not correctly tested. If the nids is out of range, may access out-of-bounds memory. Some details and Patch for this issue: https://www.mail-archive.com/linux-kernel () vger kernel org/msg2520013.html Now the patch is not available in upstream, CVE is not assigned. Now announced on oss-security () lists openwl com. This issue was discovered by the ADLab of venustech. Regards, butt3rflyh4ck.-- Active Defense Lab of Venustech
-- Active Defense Lab of Venustech
Current thread:
- Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (May 07)
- Re: Linux kernel: f2fs: out-of-bounds memory access bug butt3rflyh4ck (May 08)