Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:ovl: support encoding fid from inode with no aliasDmitry Safonov reported that a WARN_ON() assertion can be trigered byuserspace when calling inotify_show_fdinfo() for an overlayfs watchedinode, whose dentry aliases were discarded with drop_caches.The WARN_ON() assertion in inotify_show_fdinfo() was removed, becauseit is possible for encoding file handle to fail for other reason, butthe impact of failing to encode an overlayfs file handle goes beyondthis assertion.As shown in the LTP test case mentioned in the link below, failure toencode an overlayfs file handle from a non-aliased inode also leads tofailure to report an fid with FAN_DELETE_SELF fanotify events.As Dmitry notes in his analyzis of the problem, ovl_encode_fh() failsif it cannot find an alias for the inode, but this failure can be fixed.ovl_encode_fh() seldom uses the alias and in the case of non-decodablefile handles, as is often the case with fanotify fid info,ovl_encode_fh() never needs to use the alias to encode a file handle.Defer finding an alias until it is actually needed so ovl_encode_fh()will not fail in the common case of FAN_DELETE_SELF fanotify events.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/oogasawa/Utility-security