Description: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2070205
 https://lore.kernel.org/linux-ext4/20220428180355.15209-1-jack@suse.cz/T/#t
 https://bugzilla.suse.com/show_bug.cgi?id=1198577
Notes:
 carnil> Fixed as well in 5.17.14 for 5.17.y, 5.18.3 for 5.18.y.
 carnil> Ben, pelase double check if you agree on the triage. It is
 carnil> based on the additional information provided in the SUSE
 carnil> bugzilla.
 carnil> Turns out that 46c116b920eb ("ext4: verify dir block before
 carnil> splitting it") and 3ba733f879c2 ("ext4: avoid cycles in
 carnil> directory h-tree") are not the upstream fixes, but according to
 carnil> Lukas Czerner the following is needed:
 carnil> 65f8ea4cd57d ("ext4: check if directory block is within
 carnil> i_size") to fix the CVE and additional as defensive measure
 carnil> b8a04fe77ef1 ("ext4: make sure ext4_append() always allocates
 carnil> new block").
 carnil> Fixed as well in 5.18.18 for 5.18.y and in 5.19.2 for 5.19.y.
 carnil> Second commit in 6.0.3 for 6.0.y.
Bugs:
upstream: released (6.0-rc1) [65f8ea4cd57dbd46ea13b41dc8bac03176b04233], released (6.1-rc1) [61a1d87a324ad5e3ed27c6699dfc93218fcf3201]
6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.137) [1571c4613059fce2a02508bb8206af75e24c0d58], released (5.10.150) [483831ad0440f62c10d1707c97ce824bd82d98ae]
4.19-upstream-stable: needed
sid: released (5.19.6-1), released (6.0.3-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: released (5.10.140-1), released (5.10.148-1) [bugfix/all/ext4-fix-check-for-block-being-out-of-directory-size.patch]
4.19-buster-security: needed