ACK: [SRU B/D/E/F/U] CVE-2019-16089: nbd_genl_status NULL check

Colin Ian King colin.king at canonical.com
Tue Jun 16 11:13:46 UTC 2020


On 16/06/2020 12:08, Thadeu Lima de Souza Cascardo wrote:
> Description:
>  An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status
>  in drivers/block/nbd.c does not check the nla_nest_start_noflag return
>  value.
> 
> [Impact]
> There is no practical exploit for this, as any possible preallocation will
> allow enough space for the nested attribute header to be put.
> 
> However, if any code underlying message allocation changes, this could be
> turned into a real issue. So, the fix makes the code strictly correct, in
> verifying a NULL return.
> 
> The potential issue would be a NULL deref with a small known offset,
> leading to a DoS.
> 
> [Test case]
> I ran a netlink program that exercised that function, tried with different
> numbers of nbd devices, including 0, and saw no issues.
> 
> [Regression potential]
> It could break the netlink nbd status command, but that was tested with the
> program above.

Looks sane to me.

Acked-by: Colin Ian King <colin.king at canonical.com>
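The pattern the SRU fixes, shown as an added example that is not the kernel's code and not part of the patch under review: a userspace model of netlink attribute nesting over a fixed buffer, with the pre-fix shape (nest start result used without a NULL check) beside the fixed shape (NULL checked, -EMSGSIZE returned). All names here (nest_start, nest_end, put_u32, needed_size, status_unchecked, status_checked, run_checked), the attribute type numbers and the device indexes are hypothetical stand-ins; the only point taken from the kernel is that a nest-start helper returns NULL when the message has no tailroom for the 4-byte header, and that the nest-end helper then writes the length back through that pointer.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NLA_HDRLEN 4

/* Attribute header, laid out like the kernel's struct nlattr. */
struct nlattr {
    uint16_t nla_len;
    uint16_t nla_type;
};

/* Stand-in for an sk_buff: a fixed buffer plus a tail offset. */
struct msg {
    unsigned char *data;
    size_t size;
    size_t tail;
};

static size_t tailroom(const struct msg *m) { return m->size - m->tail; }

/* Modelled on nla_nest_start_noflag(): NULL when there is no room for the header. */
static struct nlattr *nest_start(struct msg *m, uint16_t type)
{
    struct nlattr *nla;

    if (tailroom(m) < NLA_HDRLEN)
        return NULL;
    nla = (struct nlattr *)(m->data + m->tail);
    nla->nla_len = NLA_HDRLEN;
    nla->nla_type = type;
    m->tail += NLA_HDRLEN;
    return nla;
}

/* Modelled on nla_nest_end(): stores the final length through the start
 * pointer. With a NULL start this is the write near address 0 that the
 * SRU text describes as a potential DoS. */
static void nest_end(struct msg *m, struct nlattr *start)
{
    start->nla_len = (uint16_t)((m->data + m->tail) - (unsigned char *)start);
}

/* Modelled on nla_put_u32(): header plus a 4-byte payload, or -EMSGSIZE. */
static int put_u32(struct msg *m, uint16_t type, uint32_t val)
{
    struct nlattr *nla;

    if (tailroom(m) < NLA_HDRLEN + sizeof val)
        return -EMSGSIZE;
    nla = (struct nlattr *)(m->data + m->tail);
    nla->nla_len = NLA_HDRLEN + sizeof val;
    nla->nla_type = type;
    memcpy(nla + 1, &val, sizeof val);
    m->tail += NLA_HDRLEN + sizeof val;
    return 0;
}

/* Bytes a reply for n devices needs in this model: one list nest, plus per
 * device one item nest holding a single u32. A caller that preallocates
 * this much is why the missing check is not reachable in practice. */
size_t needed_size(size_t n)
{
    return NLA_HDRLEN + n * (NLA_HDRLEN + NLA_HDRLEN + sizeof(uint32_t));
}

/* Pre-fix shape: nest_start results are used without a NULL check; only the
 * put_u32 failure is handled. Calling this with a buffer smaller than
 * needed_size(n) is exactly the NULL dereference. */
int status_unchecked(struct msg *m, const uint32_t *idx, size_t n)
{
    struct nlattr *list = nest_start(m, 1);

    for (size_t i = 0; i < n; i++) {
        struct nlattr *item = nest_start(m, 2);

        if (put_u32(m, 3, idx[i]))
            return -EMSGSIZE;
        nest_end(m, item);
    }
    nest_end(m, list);
    return 0;
}

/* Fixed shape: every nest_start return is checked and -EMSGSIZE is returned
 * instead of writing through a NULL pointer. */
int status_checked(struct msg *m, const uint32_t *idx, size_t n)
{
    struct nlattr *list = nest_start(m, 1);

    if (!list)
        return -EMSGSIZE;
    for (size_t i = 0; i < n; i++) {
        struct nlattr *item = nest_start(m, 2);

        if (!item)
            return -EMSGSIZE;
        if (put_u32(m, 3, idx[i]))
            return -EMSGSIZE;
        nest_end(m, item);
    }
    nest_end(m, list);
    return 0;
}

/* Encode up to 4 constructed device indexes into a buffer of 'size' bytes
 * (capped at 256) with the checked encoder. Returns -EMSGSIZE on failure,
 * otherwise the nla_len recorded in the outer list nest. */
int run_checked(size_t size, size_t n)
{
    static const uint32_t sample_idx[] = { 0, 1, 2, 3 };  /* constructed sample */
    unsigned char buf[256];
    struct msg m = { buf, size < sizeof buf ? size : sizeof buf, 0 };
    int rc;

    if (n > 4)
        n = 4;
    rc = status_checked(&m, sample_idx, n);
    return rc ? rc : ((struct nlattr *)buf)->nla_len;
}

int main(void)
{
    printf("2 devices, full buffer: %d (outer nla_len)\n", run_checked(256, 2));
    printf("2 devices, 4-byte buffer: %d (-EMSGSIZE, no crash)\n", run_checked(4, 2));
    printf("0 devices, 4-byte buffer: %d (empty list nest)\n", run_checked(4, 0));
    return 0;
}
```

The interesting cases are the ones where the buffer is smaller than needed_size(n): with 4 bytes the outer nest fits but the first item nest does not, and with 8 bytes the item nest fits but its u32 does not. status_checked turns each of those into -EMSGSIZE; status_unchecked would instead pass a NULL item into nest_end. The zero-device case from the SRU test description is the one where the outer nest is opened and closed with nothing inside.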


