Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:f2fs: fix to avoid out-of-boundary access in devs.path- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123- truncate -s $((1024*1024*1024)) \ /mnt/f2fs/012345678901234567890123456789012345678901234567890123- touch /mnt/f2fs/file- truncate -s $((1024*1024*1024)) /mnt/f2fs/file- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ -c /mnt/f2fs/file- mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \ /mnt/f2fs/loop[16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff[16937.192268] F2FS-fs (loop0): Failed to find devicesIf device path length equals to MAX_PATH_LEN, sbi->devs.path[] maynot end up w/ null character due to path array is fully filled, Soaccidently, fields locate after path[] may be treated as part ofdevice path, result in parsing wrong device path.struct f2fs_dev_info {... char path[MAX_PATH_LEN];...};Let's add one byte space for sbi->devs.path[] to store nullcharacter of device path string.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds