cve/published/2024/CVE-2024-50218.mbox

From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2024-50218: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

Syzbot reported a kernel BUG in ocfs2_truncate_inline.  There are two
reasons for this: first, the parameter value passed is greater than
ocfs2_max_inline_data_with_xattr, second, the start and end parameters of
ocfs2_truncate_inline are "unsigned int".

So, we need to add a sanity check for byte_start and byte_len right before
ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater
than ocfs2_max_inline_data_with_xattr return -EINVAL.

The Linux kernel CVE team has assigned CVE-2024-50218 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 4.19.323 with commit 27d95867bee806cdc448d122bd99f1d8b0544035
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 5.4.285 with commit 95fbed8ae8c32c0977e6be1721c190d8fea23f2f
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 5.10.229 with commit 70767689ec6ee5f05fb0a2c17d7ec1927946e486
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 5.15.171 with commit ecd62f684386fa64f9c0cea92eea361f4e6444c2
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 6.1.116 with commit 2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 6.6.60 with commit 88f97a4b5843ce21c1286e082c02a5fb4d8eb473
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 6.11.7 with commit 0b6b8c2055784261de3fb641c5d0d63964318e8f
	Issue introduced in 2.6.24 with commit 1afc32b952335f665327a1a9001ba1b44bb76fd9 and fixed in 6.12 with commit bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-50218
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/ocfs2/file.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/27d95867bee806cdc448d122bd99f1d8b0544035
	https://git.kernel.org/stable/c/95fbed8ae8c32c0977e6be1721c190d8fea23f2f
	https://git.kernel.org/stable/c/70767689ec6ee5f05fb0a2c17d7ec1927946e486
	https://git.kernel.org/stable/c/ecd62f684386fa64f9c0cea92eea361f4e6444c2
	https://git.kernel.org/stable/c/2fe5d62e122b040ce7fc4d31aa7fa96ae328cefc
	https://git.kernel.org/stable/c/88f97a4b5843ce21c1286e082c02a5fb4d8eb473
	https://git.kernel.org/stable/c/0b6b8c2055784261de3fb641c5d0d63964318e8f
	https://git.kernel.org/stable/c/bc0a2f3a73fcdac651fca64df39306d1e5ebe3b0