APPLIED/cmnt: [PATCH 0/1][T/X/B] CVE-2018-18690 - Denial of service in XFS
Khaled Elmously
khalid.elmously at canonical.com
Thu Nov 29 07:18:06 UTC 2018
Applied to all targets. Note that the patch as it was didn't actually apply to Trusty as it needed to be adjusted for context and path-changes. I made the necessary adjustments and updated the commit message accordingly (changed it from 'cherry picked from' to 'backported from').
On 2018-11-20 01:31:09, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2018-18690
>
> In the Linux kernel before 4.17, a local attacker able to set attributes on
> an xfs filesystem could make this filesystem non-operational until the next
> mount by triggering an unchecked error condition during an xfs attribute
> change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c
> mishandles ATTR_REPLACE operations with conversion of an attr from short to
> long form.
>
> Clean cherry pick in Bionic through Trusty. I tested this change in all
> affected releases manually via the reproducer in the upstream kernel.org bug
> report. The build logs are clean.
>
> Tyler
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team