Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:netfs: Fix kernel async DIONetfslib needs to be able to handle kernel-initiated asynchronous DIO thatis supplied with a bio_vec[] array. Currently, because of the async flag,this gets passed to netfs_extract_user_iter() which throws a warning andfails because it only handles IOVEC and UBUF iterators. This can betriggered through a combination of cifs and a loopback blockdev withsomething like: mount //my/cifs/share /foo dd if=/dev/zero of=/foo/m0 bs=4K count=1K losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0 echo hello >/dev/loop2046This causes the following to appear in syslog: WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs]and the write to fail.Fix this by removing the check in netfs_unbuffered_write_iter_locked() thatcauses async kernel DIO writes to be handled as userspace writes. Notethat this change relies on the kernel caller maintaining the existence ofthe bio_vec array (or kvec[] or folio_queue) until the op is complete.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/oogasawa/Utility-security