path: root/active/CVE-2019-9445
blob: 4b663331b334c5ec62bb1e589dfe215b3b1721d6
Description: Out-of-bounds read in f2fs
References:
 https://source.android.com/security/bulletin/pixel/2019-09-01
 https://android-review.googlesource.com/c/kernel/common/+/864649
Notes:
 carnil> Not fully clear (to me) which specific commit is meant.
 bwh> The CVE description mentions an "out-of bounds read", so the most
 bwh> likely fix seemed to be commit 64beba0558fc "f2fs: sanity check of
 bwh> xattr entry size".  However that addresses CVE-2019-9245.  The
 bwh> other candidate I could see was commit 720db068634c "f2fs: check
 bwh> if file namelen exceeds max value".
 bwh> Apparently introduced in 3.8 when f2fs was added.
Bugs:
upstream: released (5.1-rc1) [720db068634c91553a8e1d9a0fcd8c7050e06d2b]
4.19-upstream-stable: released (4.19.97) [4124927e36b7753efb6faf1a508e2bc6783343cf]
4.9-upstream-stable: needed
3.16-upstream-stable: needed
sid: released (5.2.6-1)
4.19-buster-security: released (4.19.98-1)
4.9-stretch-security: needed
3.16-jessie-security: needed
