Re: Linux kernel: f2fs: out-of-bounds memory access bug

[butt3rflyh4ck <butterflyhuangxx () gmail com>]

Hi, RedHat has assigned CVE-2021-3506 to this issue.

Regards,
 butt3rflyh4ck.



On Sat, May 8, 2021 at 12:24 AM butt3rflyh4ck
<butterflyhuangxx () gmail com> wrote:
> The patch is for this issue in upstream linux:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs.git/commit/?h=dev&id=b862676e371715456c9dade7990c8004996d0d9e
>
> Regards,
>  butt3rflyh4ck.
>
>
> On Mon, Mar 29, 2021 at 12:00 AM butt3rflyh4ck
> <butterflyhuangxx () gmail com> wrote:
> > Hi,
> >
> > I reported an out of bounds memory access bug in get_next_net_page()
> > in fs/f2fs/node.c and reproduce in 5.12.0-rc3. Now the patch is out
> > and tested it in 5.12.0-rc4.
> >
> > Root Cause:
> >  the f2fs_flush_nat_entries()  function is called during the
> > checkpointing process,
> > when it flush dirty nats in nat entry sets, it will call
> > __flush_nat_entry_set(), but before call it,the legality of nids is
> > not correctly tested. If the nids is out of range, may access
> > out-of-bounds memory.
> >
> > Some details and Patch for this issue:
> > https://www.mail-archive.com/linux-kernel () vger kernel org/msg2520013.html
> > Now the patch is not available in upstream, CVE is not assigned.
> >
> > Now announced on oss-security () lists openwl com.
> >
> > This issue was discovered by the ADLab of venustech.
> >
> > Regards,
> >  butt3rflyh4ck.
>
>
>
> --
> Active Defense Lab of Venustech



--
Active Defense Lab of Venustech