APPLIED [OEM-6.0/OEM-6.1] Re: [SRU][Jammy/Jammy-OEM-6.0/Jammy-OEM-6.1/Lunar][PATCH 0/1] CVE-2023-4273

Timo Aaltonen tjaalton at ubuntu.com
Tue Aug 22 10:38:18 UTC 2023


Yuxuan Luo wrote on 18.8.2023 at 0.33:
> [Impact]
> A flaw was found in the exFAT driver of the Linux kernel. The
> vulnerability exists in the implementation of the file name
> reconstruction function, which is responsible for reading file name
> entries from a directory index and merging file name parts belonging to
> one file into a single long file name. Since the file name characters
> are copied into a stack variable, a local privileged attacker could use
> this flaw to overflow the kernel stack.
> 
> [Backport]
> It is a clean cherry pick on Lunar.
> For Jammy and OEM kernels, there are two conflicts, `int i, err;` line
> and `struct ... es;` line, which require commits 8258ef28001a (“exfat:
> handle unreconized benign secondary entries”) and 20914ff6dd56 (“exfat:
> move exfat_entry_set_cache from heap to stack”) respectively. However,
> they are not relevant to this fix; ignore them and backport the fix
> manually.
> 
> [Test]
> Tested by mounting an exfat file system and renaming a file with a very long name.
> 
> [Potential Regression]
> Expect very low regression potential.
> 
> 
> Namjae Jeon (1):
>    exfat: check if filename entries exceeds max filename length
> 
>   fs/exfat/dir.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
> 

applied to oem kernels, thanks

-- 
t
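
An added user-space example (not the kernel patch and not code from this thread) of the class of check described in [Impact]: name parts are merged into a fixed-size buffer and the entry count is treated as untrusted. The struct, the function names and the sample input are assumptions made for illustration; the 15-character entry size and the 255-character name limit are those of the exFAT format.

```c
#include <stdint.h>
#include <string.h>

#define NAME_ENTRY_CHARS 15  /* UTF-16 code units per exFAT file name entry */
#define MAX_NAME_LEN 255     /* exFAT file name limit, in code units */

/* Hypothetical name entry for this example: character payload only. */
struct name_entry { uint16_t chars[NAME_ENTRY_CHARS]; };

/* Copy one entry's characters up to the first NUL; return the count copied. */
static size_t extract_part(const struct name_entry *e, uint16_t *dst)
{
    size_t n = 0;
    while (n < NAME_ENTRY_CHARS && e->chars[n] != 0) {
        dst[n] = e->chars[n];
        n++;
    }
    return n;
}

/* Merge name parts into out[MAX_NAME_LEN + 1]. The entry count comes from the
 * volume and is untrusted, so room is checked before every copy.
 * Returns the name length, or -1 if the entries exceed MAX_NAME_LEN. */
int reconstruct_name(const struct name_entry *ents, size_t count, uint16_t *out)
{
    size_t len = 0;
    for (size_t i = 0; i < count; i++) {
        if (len + NAME_ENTRY_CHARS > MAX_NAME_LEN)
            return -1;  /* omitting this check lets the copy run past out[] */
        size_t n = extract_part(&ents[i], out + len);
        len += n;
        if (n < NAME_ENTRY_CHARS)
            break;      /* a short part ends the name */
    }
    out[len] = 0;
    return (int)len;
}

/* Constructed input: `full` entries of 15 'A's, then one entry of `tail` 'A's. */
int demo(size_t full, size_t tail)
{
    struct name_entry ents[32];
    uint16_t name[MAX_NAME_LEN + 1];
    if (full > 31 || tail >= NAME_ENTRY_CHARS) return -2;
    memset(ents, 0, sizeof(ents));
    for (size_t i = 0; i < full * NAME_ENTRY_CHARS + tail; i++)
        ents[i / NAME_ENTRY_CHARS].chars[i % NAME_ENTRY_CHARS] = 'A';
    return reconstruct_name(ents, full + (tail ? 1 : 0), name);
}
```

Seventeen full entries fill the buffer exactly; an eighteenth entry of any length is rejected before anything is copied.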



