Message ID | 20240322171038.13337-1-bethany.jamison@canonical.com |
---|---|
Series | CVE-2023-52600 |

On 22.03.24 18:10, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> jfs: fix uaf in jfs_evict_inode
>
> When the execution of diMount(ipimap) fails, the object ipimap that has been
> released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
> when rcu_core() calls jfs_free_node().
>
> Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
> ipimap.
>
> [Fix]
>
> Mantic: Clean cherry-pick
> Jammy: Mantic patch applied cleanly
> Focal: Mantic patch applied cleanly
> Bionic: sent to esm ML
> Xenial: sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This affects jfs, issues could occur when initializing the
> inode map to keep track of files and directories within the
> filesystem.
>
> v2: edited Fix section
>
> v3: added version number, forgot to version for v2 resubmission
>
> Edward Adam Davis (1):
>   jfs: fix uaf in jfs_evict_inode
>
>  fs/jfs/jfs_mount.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On Fri, Mar 22, 2024 at 12:10:37PM -0500, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> jfs: fix uaf in jfs_evict_inode
>
> When the execution of diMount(ipimap) fails, the object ipimap that has been
> released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
> when rcu_core() calls jfs_free_node().
>
> Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
> ipimap.
>
> [Fix]
>
> Mantic: Clean cherry-pick
> Jammy: Mantic patch applied cleanly
> Focal: Mantic patch applied cleanly
> Bionic: sent to esm ML
> Xenial: sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This affects jfs, issues could occur when initializing the
> inode map to keep track of files and directories within the
> filesystem.
>
> v2: edited Fix section
>
> v3: added version number, forgot to version for v2 resubmission
>
> Edward Adam Davis (1):
>   jfs: fix uaf in jfs_evict_inode
>
>  fs/jfs/jfs_mount.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> --
> 2.34.1
>

Acked-by: Manuel Diewald <manuel.diewald@canonical.com>

On 22.03.24 18:10, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> jfs: fix uaf in jfs_evict_inode
>
> When the execution of diMount(ipimap) fails, the object ipimap that has been
> released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
> when rcu_core() calls jfs_free_node().
>
> Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
> ipimap.
>
> [Fix]
>
> Mantic: Clean cherry-pick
> Jammy: Mantic patch applied cleanly
> Focal: Mantic patch applied cleanly
> Bionic: sent to esm ML
> Xenial: sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This affects jfs, issues could occur when initializing the
> inode map to keep track of files and directories within the
> filesystem.
>
> v2: edited Fix section
>
> v3: added version number, forgot to version for v2 resubmission
>
> Edward Adam Davis (1):
>   jfs: fix uaf in jfs_evict_inode
>
>  fs/jfs/jfs_mount.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>

Applied to mantic,jammy,focal:linux/master-next. Thanks.

-Stefan
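
The ordering problem described in the quoted cover letter, as a user-space C model added here; it is not the kernel patch or any code from this thread. It assumes the pre-fix code stored the pointer in `sbi->ipimap` before checking the result of `diMount()`; `struct imap`, `struct sbinfo`, `di_mount` and the `released` flag are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed user-space model: names echo the cover letter, not kernel code. */
struct imap { int released; };           /* stands in for the inode-map object */
struct sbinfo { struct imap *ipimap; };  /* stands in for the superblock info */

/* Stand-in for diMount(): nonzero means failure. */
static int di_mount(struct imap *ip, int fail) { (void)ip; return fail ? -1 : 0; }

/* Assumed pre-fix ordering: store the pointer first, then mount. */
static int mount_store_first(struct sbinfo *sbi, struct imap *ip, int fail)
{
    int rc;
    sbi->ipimap = ip;
    rc = di_mount(ip, fail);
    if (rc)
        ip->released = 1;   /* models the release; sbi->ipimap still refers to it */
    return rc;
}

/* Ordering the cover letter asks for: store only after diMount() succeeds. */
static int mount_store_after(struct sbinfo *sbi, struct imap *ip, int fail)
{
    int rc = di_mount(ip, fail);
    if (rc)
        ip->released = 1;   /* released, and sbi->ipimap stays NULL */
    else
        sbi->ipimap = ip;
    return rc;
}

/* Returns 1 if a later teardown step (diFreeSpecial() in the cover letter)
 * would be handed an object that was already released, 0 otherwise. */
int teardown_hits_released(int fixed, int fail)
{
    struct imap ip = { 0 };
    struct sbinfo sbi = { NULL };
    (fixed ? mount_store_after : mount_store_first)(&sbi, &ip, fail);
    return sbi.ipimap != NULL && sbi.ipimap->released;
}

int main(void)
{
    printf("diMount fails: store-first=%d store-after=%d\n",
           teardown_hits_released(0, 1), teardown_hits_released(1, 1));
    return 0;
}
```

The model uses a flag rather than a real `free()` so the stale reference can be observed without reading freed memory.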