Описание
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in fs/ext4/ext4.h:591:2 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c ext4_init_fs+0x5a/0x277 do_one_initcall+0x76/0x430 kernel_init_freeable+0x3b3/0x422 kernel_init+0x24/0x1e0 ret_from_fork+0x1f/0x30
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in fs/ext4/ext4.h:591:2 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: dump_stack_lvl+0x7d/0xa5 dump_stack+0x15/0x1b ubsan_epilogue+0xe/0x4e __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c ext4_init_fs+0x5a/0x277 do_one_initcall+0x76/0x430 kernel_init_freeable+0x3b3/0x422 kernel_init+0x24/0x1e0 ret_from_fork+0x1f/0x30
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-50403
- https://git.kernel.org/stable/c/205ac16628aca9093931fcbdb4bcd00d0eb94132
- https://git.kernel.org/stable/c/3bf678a0f9c017c9ba7c581541dbc8453452a7ae
- https://git.kernel.org/stable/c/4690a4bdcf1470cb161aff1be30bd143b9dffd89
- https://git.kernel.org/stable/c/5da9e607547f73dc7a643f35b0487992fd66910f
- https://git.kernel.org/stable/c/743e9d708743d98464ccbd56e820d87dc6d1d629
- https://git.kernel.org/stable/c/7753d6657873a2523a9989e6c09090cd503bbcda
- https://git.kernel.org/stable/c/d7f93fc6fba8ff017be871be7edf8614a785ccad
- https://git.kernel.org/stable/c/dd5639d36a5e4e42fd0fe05cc0b2ad9ddd3fca9d
- https://git.kernel.org/stable/c/f9cd6980800bbfd11bf94eb5f942049d4d4eaa52
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image, the kernel performs an incorrect calculation. This action results in unpredictable system behavior.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
