| Message ID | 20240607194157.18188-1-bethany.jamison@canonical.com |
|---|---|
| Headers | show |
| Series | CVE-2024-25739 | expand |
On 07-06-2024 21:41, Bethany Jamison wrote: > [Impact] > > ubi: Check for too small LEB size in VTBL code > > If the LEB size is smaller than a volume table record we cannot > have volumes. > In this case abort attaching. > > create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through > 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing > check for ubi->leb_size. > > [Fix] > > Noble: pending > Mantic: Clean cherry-pick from linux-6.6.y > Jammy: pending > Focal: fixed via stable > Bionic: fix sent to esm ML > Xenial: fix sent to esm ML > Trusty: not going to be fixed by us > > [Test Case] > > Compile and boot tested > > [Where problems could occur] > > This fix affects those who use the UBI volume table (vtbl), > an issue with this fix would be visible to the user via a > system crash. > > Richard Weinberger (1): > ubi: Check for too small LEB size in VTBL code > > drivers/mtd/ubi/vtbl.c | 6 ++++++ > 1 file changed, 6 insertions(+) > Acked-by: Thibault Ferrante <thibault.ferrante@canonical.com> -- Thibault
On Fri, 2024-06-07 at 14:41 -0500, Bethany Jamison wrote: > [Impact] > > ubi: Check for too small LEB size in VTBL code > > If the LEB size is smaller than a volume table record we cannot > have volumes. > In this case abort attaching. > > create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel > through > 6.7.4 can attempt to allocate zero bytes, and crash, because of a > missing > check for ubi->leb_size. > > [Fix] > > Noble: pending > Mantic: Clean cherry-pick from linux-6.6.y > Jammy: pending > Focal: fixed via stable > Bionic: fix sent to esm ML > Xenial: fix sent to esm ML > Trusty: not going to be fixed by us > > [Test Case] > > Compile and boot tested > > [Where problems could occur] > > This fix affects those who use the UBI volume table (vtbl), > an issue with this fix would be visible to the user via a > system crash. > > Richard Weinberger (1): > ubi: Check for too small LEB size in VTBL code > > drivers/mtd/ubi/vtbl.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > -- > 2.34.1 > >
On 07/06/2024 21:41, Bethany Jamison wrote: > [Impact] > > ubi: Check for too small LEB size in VTBL code > > If the LEB size is smaller than a volume table record we cannot > have volumes. > In this case abort attaching. > > create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through > 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing > check for ubi->leb_size. > > [Fix] > > Noble: pending > Mantic: Clean cherry-pick from linux-6.6.y > Jammy: pending > Focal: fixed via stable > Bionic: fix sent to esm ML > Xenial: fix sent to esm ML > Trusty: not going to be fixed by us > > [Test Case] > > Compile and boot tested > > [Where problems could occur] > > This fix affects those who use the UBI volume table (vtbl), > an issue with this fix would be visible to the user via a > system crash. > > Richard Weinberger (1): > ubi: Check for too small LEB size in VTBL code > > drivers/mtd/ubi/vtbl.c | 6 ++++++ > 1 file changed, 6 insertions(+) > Applied to mantic:linux master-next branch. Thanks!