References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: validate payload size before accessing journal metadata

r5c_recovery_analyze_meta_block() and
r5l_recovery_verify_data_checksum_for_mb() iterate over payloads in a
journal metadata block using on-disk payload size fields without
validating them against the remaining space in the metadata block.

A corrupted journal contains payload sizes extending beyond the PAGE_SIZE
boundary can cause out-of-bounds reads when accessing payload fields or
computing offsets.

Add bounds validation for each payload type to ensure the full payload
fits within meta_size before processing.

https://git.kernel.org/stable/c/33698bd1b2db9764a29df7751533d33967ff5c98

https://git.kernel.org/stable/c/406aa86394ead347c47428fb51b6359bdaa2257d

https://git.kernel.org/stable/c/73ce72edd113374801045924d4417199963f73a3

https://git.kernel.org/stable/c/b0cc3ae97e893bf54bbce447f4e9fd2e0b88bff9

https://git.kernel.org/stable/c/c3a1cf78bd1bbb51b2cc5189b4743056553c1e0e