In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: don't allow unaligned truncation on released compress inode

An f2fs image may be corrupted after the testcase below:

- mkfs.f2fs -O extra_attr,compression -f /dev/vdb
- mount /dev/vdb /mnt/f2fs
- touch /mnt/f2fs/file
- f2fs_io setflags compression /mnt/f2fs/file
- dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=4
- f2fs_io release_cblocks /mnt/f2fs/file
- truncate -s 8192 /mnt/f2fs/file
- umount /mnt/f2fs
- fsck.f2fs /dev/vdb

[ASSERT] (fsck_chk_inode_blk:1256) --> ino: 0x5 has i_blocks: 0x00000002, but has 0x3 blocks
[FSCK] valid_block_count matching with CP [Fail] [0x4, 0x5]
[FSCK] other corrupted bugs [Fail]

The reason is: partial truncation assumes the compressed inode has reserved blocks; after a partial truncation, the valid block count may change without .i_blocks and .total_valid_block_count being updated, resulting in corruption.

As the fix, this patch only allows cluster-size-aligned truncation on a released compress inode.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds