References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

hfsplus: Verify inode mode when loading from disk

syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 16bits "mode" field loaded from disk are corrupted.

According to [1], the permissions field was treated as reserved in Mac OS
8 and 9. According to [2], the reserved field was explicitly initialized
with 0, and that field must remain 0 as long as reserved. Therefore, when
the "mode" field is not 0 (i.e. no longer reserved), the file must be
S_IFDIR if dir == 1, and the file must be one of S_IFREG/S_IFLNK/S_IFCHR/
S_IFBLK/S_IFIFO/S_IFSOCK if dir == 0.

https://git.kernel.org/stable/c/001f44982587ad462b3002ee40c75e8df67d597d

https://git.kernel.org/stable/c/005d4b0d33f6b4a23d382b7930f7a96b95b01f39

https://git.kernel.org/stable/c/05ec9af3cc430683c97f76027e1c55ac6fd25c59

https://git.kernel.org/stable/c/91f114bffa36ce56d0e1f60a0a44fc09baaefc79

https://git.kernel.org/stable/c/edfb2e602b5ba5ca6bf31cbac20b366efb72b156