Message ID | 20240322165710.13020-1-bethany.jamison@canonical.com |
---|---|
Series | CVE-2023-52600 |
... forgot to update version number with submission -- will update and send again

On 3/22/24 11:57 AM, Bethany Jamison wrote:
> [Impact]
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> jfs: fix uaf in jfs_evict_inode
>
> When the execution of diMount(ipimap) fails, the object ipimap that has been
> released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs
> when rcu_core() calls jfs_free_node().
>
> Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as
> ipimap.
>
> [Fix]
>
> Mantic: Clean cherry-pick
> Jammy: Mantic patch applied cleanly
> Focal: Mantic patch applied cleanly
> Bionic: sent to esm ML
> Xenial: sent to esm ML
> Trusty: not going to be fixed by us
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This affects jfs, issues could occur when initializing the
> inode map to keep track of files and directories within the
> filesystem.
>
> Edward Adam Davis (1):
>   jfs: fix uaf in jfs_evict_inode
>
>  fs/jfs/jfs_mount.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
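
The ordering problem described in the quoted [Impact] text, as an added user-space model in C; it is not the kernel code or the patch from this series. The `*_model` names and the `publish_early` switch are hypothetical, and the asynchronous release is compressed into a direct call that only marks the object as released so a stale use can be detected safely.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model. Only ipimap, diMount, diFreeSpecial and jfs_free_node
 * are names from the message; everything else is hypothetical. */
struct inode_model { bool released; };
struct sbi_model   { struct inode_model *ipimap; };

static struct inode_model imap_slot;    /* stands in for the imap inode */

/* Stand-in for diMount(): fails on request. */
static int diMount_model(bool fail) { return fail ? -1 : 0; }

/* Stand-in for the release done when rcu_core() calls jfs_free_node().
 * It sets a flag instead of freeing, so the model has no real UB. */
static void release_model(struct inode_model *ip) { ip->released = true; }

/* Mount path. publish_early=true models the ordering before the fix:
 * sbi->ipimap is set before diMount() is known to have succeeded. */
static int mount_model(struct sbi_model *sbi, bool publish_early, bool fail)
{
    struct inode_model *ipimap = &imap_slot;

    ipimap->released = false;
    sbi->ipimap = NULL;
    if (publish_early)
        sbi->ipimap = ipimap;
    if (diMount_model(fail) != 0) {
        release_model(ipimap);          /* error path drops ipimap */
        return -1;                      /* early publish leaves it dangling */
    }
    sbi->ipimap = ipimap;               /* fixed ordering: set on success only */
    return 0;
}

/* Stand-in for a later diFreeSpecial() on sbi->ipimap. Returns true when
 * it would touch an object that was already released (the UAF condition). */
static bool diFreeSpecial_touches_released(const struct sbi_model *sbi)
{
    return sbi->ipimap != NULL && sbi->ipimap->released;
}

int main(void)
{
    struct sbi_model sbi;

    mount_model(&sbi, false, true);     /* fixed ordering, diMount fails */
    return diFreeSpecial_touches_released(&sbi);   /* exit status 0 */
}
```
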