References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix shift-out-of-bounds due to too large exponent of block size

If field s_log_block_size of superblock data is corrupted and too large,
init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds
warning followed by a kernel panic (if panic_on_warn is set):

 shift exponent 38973 is too large for 32-bit type 'int'
 Call Trace:
  <TASK>
  dump_stack_lvl+0xcd/0x134
  ubsan_epilogue+0xb/0x50
  __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5
  init_nilfs.cold.11+0x18/0x1d [nilfs2]
  nilfs_mount+0x9b5/0x12b0 [nilfs2]
  ...

This fixes the issue by adding and using a new helper function for getting
block size with sanity check.

https://git.kernel.org/stable/c/8b6ef451b5701b37d9a5905534595776a662edfc

https://git.kernel.org/stable/c/a16731fa1b96226c75bbf18e73513b14fc318360

https://git.kernel.org/stable/c/ddb6615a168f97b91175e00eda4c644741cf531c

https://git.kernel.org/stable/c/ebeccaaef67a4895d2496ab8d9c2fb8d89201211

https://git.kernel.org/stable/c/ec93b5430ec0f60877a5388bb023d60624f9ab9f