[SRU B/D/E/F/U] CVE-2019-16089: nbd_genl_status NULL check
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Tue Jun 16 11:08:47 UTC 2020
Description:
An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status
in drivers/block/nbd.c does not check the nla_nest_start_noflag return
value.
[Impact]
There is no practical exploit for this, as any possible preallocation will
allow enough space for the nested attribute header to be put.
However, if any code underlying message allocation changes, this could be
turned into a real issue. So, the fix makes the code strictly correct, in
verifying a NULL return.
The potential issue would be a NULL deref with a small known offset,
leading to a DoS.
[Test case]
I ran a netlink program that exercised that function, tried with different
numbers of nbd devices, including 0, and saw no issues.
[Regression potential]
It could break the netlink nbd status command, but that was tested with the
program above.
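The pattern the fix describes, as an added example that is neither the kernel's code nor the patch itself: a small userspace model of the netlink attribute helpers (nla_reserve, nla_put, nla_nest_start, nla_nest_end, modelled on the kernel API but simplified), a status-reply builder that checks every nla_nest_start return and bails out with -EMSGSIZE, and a walker that parses the result the way a client would. The attribute numbers, the struct nbd_dev layout and the buffer sizes are assumptions chosen for the example; they are not the values from nbd-netlink.h.

```c
/* Added example, not kernel code: userspace model of netlink nesting and of a
 * status-reply builder that checks each nla_nest_start return (the fix's pattern). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct nlattr { uint16_t nla_len; uint16_t nla_type; };
#define NLA_ALIGNTO 4
#define NLA_ALIGN(n) (((n) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN ((int)NLA_ALIGN(sizeof(struct nlattr)))

/* Assumed attribute numbers for the example; not the real nbd-netlink.h values. */
enum { ATTR_DEVICE_LIST = 1, DEVICE_ITEM = 1, DEVICE_INDEX = 1, DEVICE_CONNECTED = 2 };

struct msg { unsigned char *data; size_t cap; size_t len; };   /* stands in for the skb */
struct nbd_dev { uint32_t index; uint8_t connected; };          /* assumed device record */

/* Reserve an attribute header plus payload; NULL when the buffer has no tailroom. */
static struct nlattr *nla_reserve(struct msg *m, uint16_t type, size_t payload)
{
    size_t total = NLA_ALIGN(NLA_HDRLEN + payload);
    if (m->len + total > m->cap)
        return NULL;
    struct nlattr *a = (struct nlattr *)(m->data + m->len);
    memset(a, 0, total);
    a->nla_len = (uint16_t)(NLA_HDRLEN + payload);
    a->nla_type = type;
    m->len += total;
    return a;
}

static int nla_put(struct msg *m, uint16_t type, const void *p, size_t n)
{
    struct nlattr *a = nla_reserve(m, type, n);
    if (!a)
        return -EMSGSIZE;
    memcpy((unsigned char *)a + NLA_HDRLEN, p, n);
    return 0;
}

/* Header only; nla_len is patched once the nest is closed. NULL when out of room. */
static struct nlattr *nla_nest_start(struct msg *m, uint16_t type)
{
    return nla_reserve(m, type, 0);
}

/* An unchecked caller reaches this with start == NULL and writes through it. */
static void nla_nest_end(struct msg *m, struct nlattr *start)
{
    start->nla_len = (uint16_t)((m->data + m->len) - (unsigned char *)start);
}

/* Hardened builder: every nest start and put is checked before nla_nest_end. */
static int build_status_reply(struct msg *m, const struct nbd_dev *devs, size_t ndevs)
{
    struct nlattr *list = nla_nest_start(m, ATTR_DEVICE_LIST);
    if (!list)
        return -EMSGSIZE;
    for (size_t i = 0; i < ndevs; i++) {
        struct nlattr *item = nla_nest_start(m, DEVICE_ITEM);
        if (!item)
            return -EMSGSIZE;
        if (nla_put(m, DEVICE_INDEX, &devs[i].index, sizeof devs[i].index) ||
            nla_put(m, DEVICE_CONNECTED, &devs[i].connected, sizeof devs[i].connected))
            return -EMSGSIZE;
        nla_nest_end(m, item);
    }
    nla_nest_end(m, list);
    return 0;
}

/* Walk the reply as a client would and count DEVICE_ITEM entries; -1 if malformed. */
static int count_device_items(const struct msg *m)
{
    if (m->len < (size_t)NLA_HDRLEN)
        return -1;
    const struct nlattr *list = (const struct nlattr *)m->data;
    if (list->nla_type != ATTR_DEVICE_LIST || list->nla_len > m->len)
        return -1;
    int count = 0;
    for (size_t off = NLA_HDRLEN; off + NLA_HDRLEN <= list->nla_len;) {
        const struct nlattr *item = (const struct nlattr *)(m->data + off);
        if (item->nla_len < NLA_HDRLEN)
            return -1;
        if (item->nla_type == DEVICE_ITEM)
            count++;
        off += NLA_ALIGN(item->nla_len);
    }
    return count;
}

/* Build a reply for n constructed devices (n <= 4) into cap bytes.
 * Returns the parsed item count on success, or the negative errno from the builder. */
static int try_build(size_t cap, size_t n)
{
    unsigned char *buf = calloc(cap ? cap : 1, 1);
    struct msg m = { buf, cap, 0 };
    struct nbd_dev devs[4];
    for (size_t i = 0; i < n && i < 4; i++) {
        devs[i].index = (uint32_t)i;
        devs[i].connected = (uint8_t)(i & 1);
    }
    int rc = build_status_reply(&m, devs, n);
    if (rc == 0)
        rc = count_device_items(&m);
    free(buf);
    return rc;
}

int main(void)
{
    printf("3 devices, 64-byte buffer: %d items parsed\n", try_build(64, 3));
    printf("0 devices, 3-byte buffer: rc=%d (-EMSGSIZE is %d)\n", try_build(3, 0), -EMSGSIZE);
    return 0;
}
```

Each device item occupies 20 bytes in this model (4-byte nest header, 8-byte u32 attribute, 5-byte u8 attribute padded to 8), so 64 bytes hold the list header plus three devices exactly, while a 3-byte buffer cannot even hold the outer nest header and the hardened builder returns -EMSGSIZE before nla_nest_end is ever reached; the unchecked form would instead pass NULL to nla_nest_end and write nla_len through it.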
More information about the kernel-team mailing list