[SRU][F/J/M][PATCH 0/1] CVE-2024-23851
Yuxuan Luo
yuxuan.luo at canonical.com
Thu Feb 22 21:59:02 UTC 2024
[Impact]
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can
attempt to allocate more than INT_MAX bytes, and crash, because of a
missing param_kernel->data_size check. This is related to ctl_ioctl.
[Backport]
For Mantic it is a single clean cherry pick.
For Focal and Jammy, the fix commit cannot be clean cherry picked
because of the conflict around the DMERR() lines; cherry pick
dbdcc906d978 (“dm ioctl: log an error if the ioctl structure is
corrupted”) to solve the conflict.
[Test]
Compile and boot tested.
[Potential Regression]
A very low regression potential exists when executing copy_params() for
devices.
Mikulas Patocka (1):
dm: limit the number of targets and parameter size area
drivers/md/dm-core.h | 2 ++
drivers/md/dm-ioctl.c | 3 ++-
drivers/md/dm-table.c | 9 +++++++--
3 files changed, 11 insertions(+), 3 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list