[SRU][N][PATCH 0/1] CVE-2024-56598
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Wed Mar 12 09:45:46 UTC 2025
https://ubuntu.com/security/CVE-2024-56598
[ Impact ]
jfs: array-index-out-of-bounds fix in dtReadFirst
The value of stbl can sometimes be out of bounds due
to a bad filesystem. Added a check with appropriate return
of error code in that case.
[ Fix ]
Oracular: Fixed via upstream stable updates (LP: #2096827)
Noble: Clean cherry pick from mainline
Jammy: Fixed via upstream stable updates (LP: #2095283)
Focal: Fixed via upstream stable updates (LP: #2095145)
[ Test Plan ]
Compile and boot tested on amd64.
Stress tested a jfs partition using stress-ng:
$ sudo stress-ng --hdd 2 --dir 2 --fallocate 2 --aggressive --metrics --timeout 5m
...
stress-ng: info: [1288] passed: 5: hdd (2) dir (2) fallocate (1)
stress-ng: info: [1288] setting to a 5 mins, 0 secs run per stressor
stress-ng: info: [1288] dispatching hogs: 2 hdd, 2 dir, 2 fallocate
stress-ng: info: [1288] failed: 0
stress-ng: info: [1288] metrics untrustworthy: 0
stress-ng: info: [1288] successful run completed in 5 mins, 0.58 secs
[ Where Problems Could Occur ]
The fix affects the JFS filesystem. An issue with this fix
may lead to improper handling of directories and files managed by JFS.
A user might experience problems such as filesystem corruption,
unexpected kernel crashes, or failures when accessing or modifying
files on a JFS partition.
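
Added example, not part of the original mail or of the upstream patch: a simplified user-space C model of the kind of check described under [ Impact ], where an index read from an on-disk table is validated before it is used to address a slot. The structure layout, the slot count of 128 and all model_* names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of a directory page read from disk. The layout and the
 * slot count are assumptions for this example, not the kernel's structures.
 * Every byte is untrusted when the filesystem image is corrupt. */
#define MODEL_NSLOTS 128

struct model_slot { uint8_t data[32]; };

struct model_page {
    int8_t stbl[MODEL_NSLOTS];             /* entry table: indices into slot[] */
    struct model_slot slot[MODEL_NSLOTS];
};

/* Return the slot named by stbl[entry], or NULL with *err set when the
 * on-disk index does not land inside slot[]. */
const struct model_slot *model_get_slot(const struct model_page *p,
                                        size_t entry, int *err)
{
    int idx;

    if (entry >= MODEL_NSLOTS) {
        *err = -EINVAL;
        return NULL;
    }
    idx = p->stbl[entry];   /* signed: on-disk bytes 0x80..0xff read negative */
    if (idx < 0 || idx >= MODEL_NSLOTS) {
        *err = -EIO;        /* corrupt metadata: fail the read, never index */
        return NULL;
    }
    *err = 0;
    return &p->slot[idx];
}

/* Build a constructed page whose first table entry holds raw_byte and
 * report the status of looking up the leftmost entry. */
int model_first_entry_status(uint8_t raw_byte)
{
    struct model_page page;
    int err;

    memset(&page, 0, sizeof(page));
    memcpy(&page.stbl[0], &raw_byte, 1);
    (void)model_get_slot(&page, 0, &err);
    return err;
}
```

Because the table entries are signed, a corrupt byte at or above 0x80 becomes a negative index, so the check has to cover both ends of the range.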