In the Linux kernel, the following vulnerability has been resolved:

md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb

In clustermd, separate write-intent-bitmaps are used for each cluster
node:

0                     4k                    8k                    12k
-------------------------------------------------------------------
| idle                | md super            | bm super [0] + bits |
| bm bits[0, contd]   | bm super[1] + bits  | bm bits[1, contd]   |
| bm super[2] + bits  | bm bits [2, contd]  | bm super[3] + bits  |
| bm bits [3, contd]  |                     |                     |

So in node 1, pg_index in __write_sb_page() could equal
bitmap->storage.file_pages. Then bitmap_limit will be calculated to
0. md_super_write() will be called with 0 size.

That means the first 4k sb area of node 1 will never be updated
through filemap_write_page().
This bug causes a hang of mdadm/clustermd_tests/01r1_Grow_resize.

Here use (pg_index % bitmap->storage.file_pages) to make the calculation
of bitmap_limit correct.
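The following is an added example, not code from the kernel or from the fix itself. It models the bitmap_limit calculation described above for the clustermd layout in the diagram: PAGE_SIZE is taken as 4k, each node's bitmap (super page plus one continuation page) is assumed to span file_pages = 2 pages, and node n's superblock page is assumed to sit at pg_index = n * file_pages, so that node 1 lands on pg_index == file_pages. The formulas follow the description ("file_pages - pg_index" before, "file_pages - pg_index % file_pages" after); the exact types and the clamping of the write size to the limit are modelled after the description, not copied from __write_sb_page().

```c
/* Added example (not kernel code): model of the bitmap_limit computation
 * in __write_sb_page() for a clustermd layout, before and after the fix.
 * Assumptions: 4k pages, 2 pages per node bitmap, node n's sb page at
 * pg_index n * file_pages (derived from the diagram in the description). */
#include <stdio.h>

#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define FILE_PAGES 2u   /* assumed: bm super + one "contd" page per node */
#define NODES      4u   /* nodes shown in the diagram */

/* Before the fix: limit = (file_pages - pg_index) << PAGE_SHIFT.
 * For pg_index == file_pages this is 0. */
static unsigned int bitmap_limit_old(unsigned int file_pages, unsigned long pg_index)
{
    return (unsigned int)((file_pages - pg_index) << PAGE_SHIFT);
}

/* After the fix: the index is reduced modulo file_pages first, so every
 * node's sb page is treated like node 0's. */
static unsigned int bitmap_limit_fixed(unsigned int file_pages, unsigned long pg_index)
{
    return (unsigned int)((file_pages - pg_index % file_pages) << PAGE_SHIFT);
}

/* Bytes md_super_write() would be asked to write for one bitmap page:
 * a full page clamped to the remaining limit (model of the clamping). */
static unsigned int sb_write_size(unsigned int limit)
{
    return limit < PAGE_SIZE ? limit : PAGE_SIZE;
}

/* pg_index of the page holding "bm super[node]" (assumed layout). */
static unsigned long node_sb_index(unsigned int node, unsigned int file_pages)
{
    return (unsigned long)node * file_pages;
}

int main(void)
{
    printf("node  pg_index  old_limit  old_write  fixed_limit  fixed_write\n");
    for (unsigned int node = 0; node < NODES; node++) {
        unsigned long idx = node_sb_index(node, FILE_PAGES);
        unsigned int o = bitmap_limit_old(FILE_PAGES, idx);
        unsigned int f = bitmap_limit_fixed(FILE_PAGES, idx);
        printf("%4u  %8lu  %9u  %9u  %11u  %11u\n",
               node, idx, o, sb_write_size(o), f, sb_write_size(f));
    }
    return 0;
}
```

Running it shows node 1's sb page (pg_index 2 == file_pages) getting a 0-byte write under the old formula, which is the skipped superblock update the description refers to, while the modulo form yields the same 8k limit and full 4k write for every node.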
No PoCs from references.
- https://github.com/w4zu/Debian_security