Description
In the Linux kernel, the following vulnerability has been resolved:
jfs: Verify inode mode when loading from disk
The inode mode loaded from corrupted disk can be invalid. Do like what
commit 0a9e74051313 ("isofs: Verify inode mode when loading from disk")
does.
A flaw was found in the Linux kernel’s Journaled File System (JFS) handling code. When inode metadata is read from disk, the inode mode field was not properly validated. If the filesystem is corrupted and presents an invalid mode value, the kernel may accept and act on that invalid mode, potentially leading to unexpected behavior in file operations, memory corruption, or denial of service. This issue could be triggered by a local attacker with access to a crafted or corrupted JFS filesystem.
Mitigation
To mitigate this issue on Red Hat Enterprise Linux 6 ELS, prevent the JFS filesystem module from loading if it is not required. This can be achieved by blacklisting the jfs module.
To blacklist the jfs module:
- Create a file named `/etc/modprobe.d/blacklist-jfs.conf` with the following content: `blacklist jfs`
- Regenerate the initramfs:
  - `dracut -f -v` (for systems using dracut)
  - `mkinitrd -f -v /boot/initramfs-$(uname -r).img $(uname -r)` (for systems using mkinitrd)
- Reboot the system for the changes to take effect.

Note: Blacklisting the `jfs` module will prevent the system from mounting JFS filesystems. Ensure that no critical system operations rely on JFS before applying this mitigation.
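
To confirm the mitigation after the reboot, the following added example (not part of the advisory) checks for the `blacklist jfs` line, whether the module is still loaded, and whether any JFS filesystem is mounted. The function names are hypothetical, and the optional path arguments are an assumption made so the checks can be pointed at a test tree instead of the live system.

```shell
#!/bin/sh
# Added example: audit the jfs blacklist mitigation described above.
# Every path argument is optional and defaults to the live system location.

# Succeeds if a *.conf file in the modprobe.d directory contains an active
# "blacklist jfs" line (commented-out lines do not count).
jfs_blacklisted() {
    dir=${1:-/etc/modprobe.d}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*blacklist[[:space:]]+jfs[[:space:]]*$' "$f"; then
            return 0
        fi
    done
    return 1
}

# Succeeds if jfs is loaded; /proc/modules lines begin with "<name> ".
jfs_loaded() {
    grep -q '^jfs ' "${1:-/proc/modules}"
}

# Prints the mount point of every mounted JFS filesystem; /proc/mounts
# fields are: device, mount point, filesystem type, options, dump, pass.
jfs_mounts() {
    awk '$3 == "jfs" { print $2 }' "${1:-/proc/mounts}"
}

# Combined report: returns 0 only when jfs is blacklisted, unloaded, unused.
jfs_mitigation_status() {
    rc=0
    if ! jfs_blacklisted "${1:-}"; then
        echo "FAIL: no active 'blacklist jfs' line found"; rc=1
    fi
    if jfs_loaded "${2:-}"; then
        echo "FAIL: jfs module is still loaded (reboot pending?)"; rc=1
    fi
    mounts=$(jfs_mounts "${3:-}")
    if [ -n "$mounts" ]; then
        echo "FAIL: JFS filesystems in use at: $mounts"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: jfs blacklisted, not loaded, not mounted"
    fi
    return "$rc"
}

# Run the report against the live system when invoked with --check.
if [ "${1:-}" = "--check" ]; then jfs_mitigation_status; fi
```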
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 4.5 Medium