Bug 1936786 (CVE-2021-3428)

Summary: CVE-2021-3428 kernel: integer overflow in ext4_es_cache_extent
Product: [Other] Security Response
Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW
Severity: medium
Priority: medium
Version: unspecified
CC: acaringi, adscvr, airlied, alciregi, bhu, blc, bmasney, bxue, chwhite, dvlasenk, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, kyoshida, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, steved, walters, williams
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: kernel 5.9-rc2
Doc Text:
A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash, which can lead to an availability threat.
Bug Depends On: 1937730, 1937731, 1937732, 1937733, 1936787, 1938517, 1938518, 1938519, 1938520, 1938521    
Bug Blocks: 1919799, 1972621    

Description Dhananjay Arunesh 2021-03-09 07:11:26 UTC
The Linux kernel's ext4 file system implementation contains an integer overflow that can be triggered by mounting a crafted file system. The problem occurs in ext4_es_cache_extent(), when lblk + len exceeds 2^32.
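
The wraparound described above, as an added example that is not part of the original report and is not the kernel's code: it contrasts a naive last-block computation with an overflow-safe check. The names `lblk_t`, `extent_end_unchecked` and `extent_end_checked` are hypothetical, block numbers are assumed to be 32-bit unsigned (as the 2^32 bound implies), and the sample extents are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t lblk_t; /* assumption: 32-bit logical block numbers */

/* Naive last-block computation: the sum wraps modulo 2^32 once
 * lblk + len exceeds 2^32, so the result lands below lblk. */
static lblk_t extent_end_unchecked(lblk_t lblk, lblk_t len)
{
    return lblk + len - 1;
}

/* Overflow-safe form: reject empty extents and any extent whose last
 * block does not fit in 32 bits; the comparison itself cannot wrap. */
static bool extent_end_checked(lblk_t lblk, lblk_t len, lblk_t *end)
{
    if (len == 0 || len - 1 > UINT32_MAX - lblk)
        return false;
    *end = lblk + (len - 1);
    return true;
}

int main(void)
{
    /* Constructed (lblk, len) pairs, not taken from any real image. */
    static const lblk_t samples[][2] = {
        { 0,           1    },  /* first block only */
        { 0xFFFFFFF0u, 0x10 },  /* lblk + len == 2^32: still valid */
        { 0xFFFFFFF0u, 0x20 },  /* lblk + len  > 2^32: wraps */
        { 100,         0    },  /* empty extent */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        lblk_t lblk = samples[i][0], len = samples[i][1], end = 0;
        bool ok = extent_end_checked(lblk, len, &end);
        printf("lblk=0x%08x len=0x%08x unchecked_end=0x%08x %s\n",
               (unsigned)lblk, (unsigned)len,
               (unsigned)extent_end_unchecked(lblk, len),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```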

Comment 1 Dhananjay Arunesh 2021-03-09 07:12:18 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1936787]

Comment 4 Rohit Keshri 2021-03-10 19:38:18 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 15 Justin M. Forbes 2021-04-13 16:07:10 UTC
This was fixed for Fedora with the 5.8.6 stable kernel update.

Comment 36 Mauro Matteo Cascella 2023-08-01 09:28:17 UTC
The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata:

kernel in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2021:1578

kernel-rt in Red Hat Enterprise Linux 8
https://access.redhat.com/errata/RHSA-2021:1739