cve/published/2022/CVE-2022-49343.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49343: ext4: avoid cycles in directory h-tree

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ext4: avoid cycles in directory h-tree

 A maliciously corrupted filesystem can contain cycles in the h-tree
 stored inside a directory. That can easily lead to the kernel corrupting
 tree nodes that were already verified under its hands while doing a node
 split and consequently accessing unallocated memory. Fix the problem by
 verifying traversed block numbers are unique.

 The Linux kernel CVE team has assigned CVE-2022-49343 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.14.283 with commit 24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3
 	Fixed in 4.19.247 with commit b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0
 	Fixed in 5.4.198 with commit e157c8f87e8fac112d6c955e69a60cdb9bc80a60
 	Fixed in 5.10.121 with commit ff4cafa51762da3824881a9000ca421d4b78b138
 	Fixed in 5.15.46 with commit 3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc
 	Fixed in 5.17.14 with commit d5a16a6df2c16eaf4de04948553ef0089dee463f
 	Fixed in 5.18.3 with commit 6084240bfc44bf265ab6ae7d96980469b05be0f1
 	Fixed in 5.19 with commit 3ba733f879c2a88910744647e41edeefbc0d92b2

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49343
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/ext4/namei.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3
 	https://git.kernel.org/stable/c/b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0
 	https://git.kernel.org/stable/c/e157c8f87e8fac112d6c955e69a60cdb9bc80a60
 	https://git.kernel.org/stable/c/ff4cafa51762da3824881a9000ca421d4b78b138
 	https://git.kernel.org/stable/c/3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc
 	https://git.kernel.org/stable/c/d5a16a6df2c16eaf4de04948553ef0089dee463f
 	https://git.kernel.org/stable/c/6084240bfc44bf265ab6ae7d96980469b05be0f1
 	https://git.kernel.org/stable/c/3ba733f879c2a88910744647e41edeefbc0d92b2
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49343: ext4: avoid cycles in directory h-tree

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ext4: avoid cycles in directory h-tree

	A maliciously corrupted filesystem can contain cycles in the h-tree
	stored inside a directory. That can easily lead to the kernel corrupting
	tree nodes that were already verified under its hands while doing a node
	split and consequently accessing unallocated memory. Fix the problem by
	verifying traversed block numbers are unique.

	The Linux kernel CVE team has assigned CVE-2022-49343 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.14.283 with commit 24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3
	Fixed in 4.19.247 with commit b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0
	Fixed in 5.4.198 with commit e157c8f87e8fac112d6c955e69a60cdb9bc80a60
	Fixed in 5.10.121 with commit ff4cafa51762da3824881a9000ca421d4b78b138
	Fixed in 5.15.46 with commit 3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc
	Fixed in 5.17.14 with commit d5a16a6df2c16eaf4de04948553ef0089dee463f
	Fixed in 5.18.3 with commit 6084240bfc44bf265ab6ae7d96980469b05be0f1
	Fixed in 5.19 with commit 3ba733f879c2a88910744647e41edeefbc0d92b2

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49343
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/ext4/namei.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3
	https://git.kernel.org/stable/c/b3ad9ff6f06c1dc6abf7437691c88ca3d6da3ac0
	https://git.kernel.org/stable/c/e157c8f87e8fac112d6c955e69a60cdb9bc80a60
	https://git.kernel.org/stable/c/ff4cafa51762da3824881a9000ca421d4b78b138
	https://git.kernel.org/stable/c/3a3ce941645407cd0b0b7f01ad9e2ea3770f46cc
	https://git.kernel.org/stable/c/d5a16a6df2c16eaf4de04948553ef0089dee463f
	https://git.kernel.org/stable/c/6084240bfc44bf265ab6ae7d96980469b05be0f1
	https://git.kernel.org/stable/c/3ba733f879c2a88910744647e41edeefbc0d92b2