In the Linux kernel, the following vulnerability has been...
Moderate severity
Unreviewed
Published
Sep 13, 2024
to the GitHub Advisory Database
•
Updated Sep 19, 2024
Description
Published by the National Vulnerability Database
Sep 13, 2024
Published to the GitHub Advisory Database
Sep 13, 2024
Last updated
Sep 19, 2024
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
If z_erofs_gbuf_growsize() partially fails on a global buffer due to
memory allocation failure or fault injection (as reported by syzbot [1]),
new pages need to be freed by comparing to the existing pages to avoid
memory leaks.
However, the old gbuf->pages[] array may not be large enough, which can
lead to null-ptr-deref or out-of-bound access.
Fix this by checking against gbuf->nrpages in advance.
[1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com
References