git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Theodore Ts'o <tytso@mit.edu>
	Tue, 27 Mar 2018 03:54:10 +0000 (23:54 -0400)
committer	Stefan Bader <stefan.bader@canonical.com>
	Tue, 14 Aug 2018 10:23:27 +0000 (12:23 +0200)
commit	87899c61d9433d0cc19569286a2db241908e49ad
tree	1184e1546923d1931537a093dbc34232d7d98457	tree
parent	7e547be9528f91824b60481dc17eb474dd2598e7	commit \| diff

ext4: add validity checks for bitmap block numbers

BugLink: http://bugs.launchpad.net/bugs/1778265
commit 7dac4a1726a9c64a517d595c40e95e2d0d135f6f upstream.

An privileged attacker can cause a crash by mounting a crafted ext4
image which triggers a out-of-bounds read in the function
ext4_valid_block_bitmap() in fs/ext4/balloc.c.

This issue has been assigned CVE-2018-1093.

BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199181
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1560782
Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>

fs/ext4/balloc.c		diff \| blob \| blame \| history
fs/ext4/ialloc.c		diff \| blob \| blame \| history