References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map

The DAT inode's btree node cache (i_assoc_inode) is initialized lazily
during btree operations. However, nilfs_mdt_save_to_shadow_map()
assumes i_assoc_inode is already initialized when copying dirty pages
to the shadow map during GC.

If NILFS_IOCTL_CLEAN_SEGMENTS is called immediately after mount before
any btree operation has occurred on the DAT inode, i_assoc_inode is
NULL leading to a general protection fault.

Fix this by calling nilfs_attach_btree_node_cache() on the DAT inode
in nilfs_dat_read() at mount time, ensuring i_assoc_inode is always
initialized before any GC operation can use it.

https://git.kernel.org/stable/c/41de342278ae025c99cc8d33648773f05e306cf1

https://git.kernel.org/stable/c/449ec5fc99f45974525ba9eea16b6670c45cd363

https://git.kernel.org/stable/c/97fb7afec404912d967a7d4715f37742666b3084

https://git.kernel.org/stable/c/c36e206f302f1ddefed92d09ecbba070e1ae079e