| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-26697: nilfs2: fix data corruption in dsync block recovery for small block sizes |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| nilfs2: fix data corruption in dsync block recovery for small block sizes |
| |
| The helper function nilfs_recovery_copy_block() of |
| nilfs_recovery_dsync_blocks(), which recovers data from logs created by |
| data sync writes during a mount after an unclean shutdown, incorrectly |
| calculates the on-page offset when copying repair data to the file's page |
| cache. In environments where the block size is smaller than the page |
| size, this flaw can cause data corruption and leak uninitialized memory |
| bytes during the recovery process. |
| |
| Fix these issues by correcting this byte offset calculation on the page. |
| |
| The Linux kernel CVE team has assigned CVE-2024-26697 to this issue. |
| |
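The effect described above, shown as an added user-space example that is not code from the kernel or from the fix commits: a recovered block copied into a page at an offset that is not derived from the file position leaves its own slot unrecovered and overwrites a neighbouring one. The 4 KiB page, 1 KiB block, fill bytes and the wrong offset value are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_SZ  4096u  /* constructed: 4 KiB page */
#define BLOCK_SZ 1024u  /* constructed: 1 KiB block, four per page */
#define STALE    0xAA   /* stands in for uninitialized page contents */
#define PAYLOAD  0x5D   /* constructed recovered data */

struct result {
	size_t stale_in_target;     /* bytes of the target block left unrecovered */
	size_t clobbered_elsewhere; /* bytes overwritten outside the target block */
};

/* Correct destination: where file position pos falls inside its page. */
static size_t offset_from_file_pos(unsigned long long pos)
{
	return (size_t)(pos & (PAGE_SZ - 1));
}

/* Copy one recovered block for file position pos into a page at dst_off
 * (block-aligned, inside the page), then compare with where it belonged. */
static struct result recover(unsigned long long pos, size_t dst_off)
{
	unsigned char page[PAGE_SZ], blk[BLOCK_SZ];
	size_t want = offset_from_file_pos(pos);
	struct result r = { 0, 0 };
	memset(page, STALE, sizeof(page));
	memset(blk, PAYLOAD, sizeof(blk));
	memcpy(page + dst_off, blk, BLOCK_SZ);

	for (size_t i = 0; i < PAGE_SZ; i++) {
		int in_target = i >= want && i < want + BLOCK_SZ;
		if (in_target && page[i] == STALE)
			r.stale_in_target++;
		if (!in_target && page[i] != STALE)
			r.clobbered_elsewhere++;
	}
	return r;
}

int main(void)
{
	unsigned long long pos = 5 * BLOCK_SZ;  /* sixth block of the file */
	struct result bad = recover(pos, 3 * BLOCK_SZ); /* offset unrelated to pos */
	struct result good = recover(pos, offset_from_file_pos(pos));
	printf("wrong offset: %zu stale, %zu clobbered\n", bad.stale_in_target, bad.clobbered_elsewhere);
	printf("right offset: %zu stale, %zu clobbered\n", good.stale_in_target, good.clobbered_elsewhere);
	return 0;
}
```

When the block size equals the page size, every in-page offset is 0 and the two calculations agree, which is why the advisory limits the impact to block sizes smaller than the page size.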
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 4.19.307 with commit 5278c3eb6bf5896417572b52adb6be9d26e92f65 |
| Fixed in 5.4.269 with commit a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba |
| Fixed in 5.10.210 with commit 364a66be2abdcd4fd426ffa44d9b8f40aafb3caa |
| Fixed in 5.15.149 with commit 120f7fa2008e3bd8b7680b4ab5df942decf60fd5 |
| Fixed in 6.1.79 with commit 9c9c68d64fd3284f7097ed6ae057c8441f39fcd3 |
| Fixed in 6.6.18 with commit 2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d |
| Fixed in 6.7.6 with commit 2000016bab499074e6248ea85aeea7dd762355d9 |
| Fixed in 6.8 with commit 67b8bcbaed4777871bb0dcc888fb02a614a98ab1 |
| |
| Please see https://www.kernel.org for a full list of kernel versions |
| currently supported by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-26697 |
| will be updated if fixes are backported; please check it for the most |
| up-to-date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| fs/nilfs2/recovery.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If, however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65 |
| https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba |
| https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa |
| https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5 |
| https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3 |
| https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d |
| https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9 |
| https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1 |