Skip to content
Snippets Groups Projects
Select Git revision
  • 01334116271037a711ad49b9a610fed00be4fa1b
  • openEuler-1.0-LTS default protected
  • openEuler-22.09
  • OLK-5.10
  • openEuler-22.03-LTS
  • openEuler-22.03-LTS-Ascend
  • master
  • openEuler-22.03-LTS-LoongArch-NW
  • openEuler-22.09-HCK
  • openEuler-20.03-LTS-SP3
  • openEuler-21.09
  • openEuler-21.03
  • openEuler-20.09
  • 4.19.90-2210.5.0
  • 5.10.0-123.0.0
  • 5.10.0-60.63.0
  • 5.10.0-60.62.0
  • 4.19.90-2210.4.0
  • 5.10.0-121.0.0
  • 5.10.0-60.61.0
  • 4.19.90-2210.3.0
  • 5.10.0-60.60.0
  • 5.10.0-120.0.0
  • 5.10.0-60.59.0
  • 5.10.0-119.0.0
  • 4.19.90-2210.2.0
  • 4.19.90-2210.1.0
  • 5.10.0-118.0.0
  • 5.10.0-106.19.0
  • 5.10.0-60.58.0
  • 4.19.90-2209.6.0
  • 5.10.0-106.18.0
  • 5.10.0-106.17.0
33 results

22b970497

  • Clone with SSH
  • Clone with HTTPS
  • user avatar
    Haimin Zhang authored and Laibin Qiu committed
    stable inclusion
    from stable-v5.10.111
    commit b9c5ac0a15f24d63b20f899072fa6dd8c93af136
    category: bugfix
    bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5RX0N?from=project-issue
    
    
    CVE: CVE-2022-3202
    
    --------------------------------
    
    [ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]
    
    Add validation check for JFS_IP(ipimap)->i_imap to prevent a NULL deref
    in diFree since diFree uses it without do any validations.
    When function jfs_mount calls diMount to initialize fileset inode
    allocation map, it can fail and JFS_IP(ipimap)->i_imap won't be
    initialized. Then it calls diFreeSpecial to close fileset inode allocation
    map inode and it will flow into jfs_evict_inode. Function jfs_evict_inode
    just validates JFS_SBI(inode->i_sb)->ipimap, then calls diFree. diFree use
    JFS_IP(ipimap)->i_imap directly, then it will cause a NULL deref.
    
    Reported-by: default avatarTCS Robot <tcs_robot@tencent.com>
    Signed-off-by: default avatarHaimin Zhang <tcs_kernel@tencent.com>
    Signed-off-by: default avatarDave Kleikamp <dave.kleikamp@oracle.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    Signed-off-by: default avatarWang Hai <wanghai38@huawei.com>
    Signed-off-by: default avatarZhaoLong Wang <wangzhaolong1@huawei.com>
    Reviewed-by: default avatarZhang Yi <yi.zhang@huawei.com>
    Signed-off-by: default avatarLaibin Qiu <qiulaibin@huawei.com>
    01334116
    History
    Name Last commit Last update