APPLIED[Unstable]: [SRU B/D/E/F/U] CVE-2019-16089: nbd_genl_status NULL check
Seth Forshee
seth.forshee at canonical.com
Mon Jun 22 19:40:19 UTC 2020
On Tue, Jun 16, 2020 at 08:08:47AM -0300, Thadeu Lima de Souza Cascardo wrote:
> Description:
> An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status
> in drivers/block/nbd.c does not check the nla_nest_start_noflag return
> value.
>
> [Impact]
> There is no practical exploit for this, as any possible preallocation will
> allow enough space for the nested attribute header to be put.
>
> However, if any code underlying message allocation changes, this could be
> turned into a real issue. So, the fix makes the code strictly correct, in
> verifying a NULL return.
>
> The potential issue would be a NULL deref with a small known offset,
> leading to a DoS.
>
> [Test case]
> I ran a netlink program that exercised that function, tried with different
> numbers of nbd devices, including 0, and saw no issues.
>
> [Regression potential]
> It could break the netlink nbd status command, but that was tested with the
> program above.
Applied to unstable/master, thanks!
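The pattern the fix is about, shown as an added user-space model rather than the kernel's own code or the patch under discussion: `struct msg` stands in for the preallocated sk_buff, and `reserve`, `nest_start`, `nest_end` and `put_u32` are simplified stand-ins for `nla_reserve`, `nla_nest_start_noflag`, `nla_nest_end` and `nla_put_u32` (same contract: NULL or -EMSGSIZE when the tail has no room). The attribute ids and the `status_fill`/`build_status` helpers are constructed for the example. With a tiny buffer, the unchecked form would have passed the NULL from `nest_start` into `nest_end`, which writes `nla_len` at offset 0 of that pointer; the checked form returns -EMSGSIZE instead.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the netlink attribute machinery used by
 * nbd_genl_status(). Not kernel code; ids and names are hypothetical. */

#define NLA_ALIGNTO 4
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN ((size_t)NLA_ALIGN(sizeof(struct nlattr)))

enum { ATTR_DEVICE_LIST = 1, ATTR_DEVICE_ITEM = 2, ATTR_INDEX = 3, ATTR_CONNECTED = 4 };

struct nlattr {
    uint16_t nla_len;   /* header + payload, in bytes */
    uint16_t nla_type;
};

struct msg {
    unsigned char *data;
    size_t len;   /* bytes already used (the "tail" starts here) */
    size_t size;  /* bytes preallocated */
};

/* Like nla_reserve(): carve header + `payload` bytes off the tail, or
 * return NULL when they do not fit. This NULL is what the CVE is about. */
static struct nlattr *reserve(struct msg *m, uint16_t type, size_t payload)
{
    size_t total = NLA_ALIGN(NLA_HDRLEN + payload);
    if (m->size - m->len < total)
        return NULL;
    struct nlattr *nla = (struct nlattr *)(m->data + m->len);
    nla->nla_len = (uint16_t)(NLA_HDRLEN + payload);
    nla->nla_type = type;
    m->len += total;
    return nla;
}

/* Like nla_nest_start_noflag(): a header whose payload is added later. */
static struct nlattr *nest_start(struct msg *m, uint16_t type)
{
    return reserve(m, type, 0);
}

/* Like nla_nest_end(): stretch the header over everything added since.
 * Writing start->nla_len with start == NULL is the potential NULL deref. */
static void nest_end(struct msg *m, struct nlattr *start)
{
    start->nla_len = (uint16_t)((m->data + m->len) - (unsigned char *)start);
}

/* Like nla_put_u32(): 0 on success, -EMSGSIZE when it does not fit. */
static int put_u32(struct msg *m, uint16_t type, uint32_t value)
{
    struct nlattr *nla = reserve(m, type, sizeof value);
    if (!nla)
        return -EMSGSIZE;
    memcpy((unsigned char *)nla + NLA_HDRLEN, &value, sizeof value);
    return 0;
}

/* Fixed shape of the status handler: every reservation is checked, so a
 * message without room fails cleanly instead of reaching nest_end(NULL). */
static int status_fill(struct msg *m, unsigned ndevs)
{
    struct nlattr *list = nest_start(m, ATTR_DEVICE_LIST);
    if (!list)
        return -EMSGSIZE;   /* the check the CVE fix adds */
    for (unsigned i = 0; i < ndevs; i++) {
        struct nlattr *item = nest_start(m, ATTR_DEVICE_ITEM);
        if (!item)
            return -EMSGSIZE;
        if (put_u32(m, ATTR_INDEX, i) || put_u32(m, ATTR_CONNECTED, 0))
            return -EMSGSIZE;
        nest_end(m, item);
    }
    nest_end(m, list);
    return 0;
}

/* Preallocate `size` bytes and fill the status for `ndevs` devices.
 * Returns the status_fill() result; *outer_len gets the device-list
 * attribute length (0 on failure). */
static int run_status(size_t size, unsigned ndevs, size_t *outer_len)
{
    unsigned char *buf = calloc(size ? size : 1, 1);
    struct msg m = { buf, 0, size };
    int ret = status_fill(&m, ndevs);
    *outer_len = ret ? 0 : ((struct nlattr *)buf)->nla_len;
    free(buf);
    return ret;
}

/* Convenience wrappers so each result is a single call. */
int build_status(size_t size, unsigned ndevs)
{
    size_t n;
    return run_status(size, ndevs, &n);
}

size_t status_outer_len(size_t size, unsigned ndevs)
{
    size_t n;
    run_status(size, ndevs, &n);
    return n;
}
```

With a generous buffer the zero-device case (the one the test case above exercised) yields just the 4-byte outer header, two devices yield 4 + 2 * (4 + 8 + 8) = 44 bytes, and a buffer smaller than one header yields -EMSGSIZE with nothing written.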