ext4: limit length to bitmap_maxbytes
Bug #1972281 reported by Paolo Pisati
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Incomplete | Undecided | Unassigned |
Trusty | In Progress | High | Unassigned |
Xenial | In Progress | High | Unassigned |
Bionic | Fix Released | High | Luke Nowakowski-Krijger |
Focal | Fix Released | High | Stefan Bader |
Impish | Fix Released | High | Kleber Sacilotto de Souza |
Jammy | Fix Released | High | Stefan Bader |
Bug Description
[Impact]
Abusing ext4_fallocate() (as a normal user) triggers a BUG()/kernel panic.
[Fix]
Apply this upstream fix:
commit 2da376228a24275
Author: Tadeusz Struk <email address hidden>
Date: Thu Mar 31 13:05:15 2022 -0700
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
[Test]
The reporter has provided a working reproducer.
[Where problems could occur]
Upstream fix already slated for @stable inclusion.
CVE References
Changed in linux (Ubuntu Jammy):
importance: Undecided → High
status: Incomplete → In Progress
Changed in linux (Ubuntu Impish):
importance: Undecided → High
status: Incomplete → In Progress
Changed in linux (Ubuntu Focal):
importance: Undecided → High
status: New → In Progress
Changed in linux (Ubuntu Bionic):
importance: Undecided → High
status: New → In Progress
Changed in linux (Ubuntu Xenial):
importance: Undecided → High
status: New → In Progress
Changed in linux (Ubuntu Trusty):
importance: Undecided → High
status: New → In Progress
Changed in linux (Ubuntu Jammy):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Focal):
status: In Progress → Fix Committed
assignee: nobody → Stefan Bader (smb)
Changed in linux (Ubuntu Jammy):
assignee: nobody → Stefan Bader (smb)
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
assignee: nobody → Luke Nowakowski-Krijger (lukenow)
Changed in linux (Ubuntu Impish):
status: In Progress → Fix Committed
assignee: nobody → Kleber Sacilotto de Souza (kleber-souza)
tags: added: verification-done-jammy removed: verification-needed-jammy
tags: added: verification-done-focal removed: verification-needed-focal
tags: added: verification-done-impish removed: verification-needed-impish
tags: added: verification-done-bionic removed: verification-needed-bionic
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1972281
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.