Updated: 2024-11-24 04:04:02.843988
Description:
In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks") cleaned up the log reover buffer calculation, but stoped using the fixed up h_size value to size the log recovery buffer, which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool, but a fuzzer. Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Ignored | 2024-08-27 12:22:50 | ||
| CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-07-09 14:21:36 | ||
| CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2024-07-09 14:21:35 | ||
| CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-08-20 12:24:08 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-08-20 12:24:08 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Ignored | 2024-08-20 12:24:07 | ||
| CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-07-15 10:19:57 | ||
| CloudLinux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2024-07-22 12:05:44 | ||
| Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-07-15 10:19:57 | ||
| Oracle Linux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2024-12-03 12:09:44 |