In the Linux kernel, the following vulnerability has been resolved:

nilfs2: handle errors that nilfs_prepare_chunk() may return

Patch series "nilfs2: fix issues with rename operations".

This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue where the mtime of a child directory changes when it is renamed instead of moved.

This patch (of 2):

The directory manipulation routines nilfs_set_link() and nilfs_delete_entry() rewrite the directory entry in the folio/page previously read by nilfs_find_entry(), so error handling is omitted on the assumption that nilfs_prepare_chunk(), which prepares the buffer for rewriting, will always succeed for these. And if an error is returned, it triggers the legacy BUG_ON() checks in each routine.

This assumption is wrong, as proven by syzbot: the buffer layer called by nilfs_prepare_chunk() may call nilfs_get_block() if necessary, which may fail due to metadata corruption or other reasons. This has been there all along, but improved sanity checks and error handling may have made it more reproducible in fuzzing tests.

Fix this issue by adding missing error paths in nilfs_set_link(), nilfs_delete_entry(), and their caller nilfs_rename().
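As an added illustration (a userspace model written for this page, not the kernel patch or nilfs2 code), the C code below shows the pattern the description calls for: the preparation step is allowed to fail, and its error is returned through the entry-rewriting routines to the rename caller instead of reaching an assertion. All `model_*` names and the `map_corrupt` flag are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not kernel code. */
struct model_page {
    bool locked;
    bool map_corrupt;   /* stands in for a block lookup failing on bad metadata */
    unsigned long ino;  /* the single directory entry held in this page */
};

/* Models buffer preparation: it can fail even for a page that was read fine. */
static int model_prepare_chunk(struct model_page *pg)
{
    return pg->map_corrupt ? -EIO : 0;
}

/* Rewrite the entry; a preparation failure is reported, never asserted on. */
static int model_set_link(struct model_page *pg, unsigned long new_ino)
{
    int err;
    pg->locked = true;
    err = model_prepare_chunk(pg);
    if (!err)
        pg->ino = new_ino;   /* rewrite only after preparation succeeded */
    pg->locked = false;      /* the lock is dropped on the error path too */
    return err;
}

/* Same pattern for removing an entry (ino 0 marks it unused in this model). */
static int model_delete_entry(struct model_page *pg)
{
    return model_set_link(pg, 0);
}

/* Caller: stop at the first failure so the old entry is not deleted. */
static int model_rename(struct model_page *dst, struct model_page *src)
{
    int err = model_set_link(dst, src->ino);
    if (err)
        return err;
    return model_delete_entry(src);
}

int main(void)
{
    struct model_page src = { .ino = 12 }, dst = { .ino = 34, .map_corrupt = true };
    printf("rename on corrupt target: %d\n", model_rename(&dst, &src));
    return 0;
}
```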
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/w4zu/Debian_security