Bug 2453169
| Summary: | corosync: pre-auth OOB read in check_memb_commit_token_sanity + integer overflow in check_memb_join_sanity | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sebastian Alba <sebasjosue84> |
| Component: | corosync | Assignee: | Jan Friesse <jfriesse> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | agk, anprice, jfriesse |
| Target Milestone: | --- | Keywords: | Regression, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/corosync/corosync/blob/main/exec/totemsrp.c#L3814 | ||
| Whiteboard: | |||
| Fixed In Version: | corosync-3.1.10-2.fc43 corosync-3.1.9-4.fc42 corosync-3.1.10-5.fc44 | Doc Type: | --- |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2026-04-08 00:53:39 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Attachments: | |||
|
Description
Sebastian Alba
2026-03-30 20:18:21 UTC
Created attachment 2135489 [details] PoC for Bug 1: ASAN heap-buffer-overflow in check_memb_commit_token_sanity Created attachment 2135490 [details]
Integer overflow bypass in check_memb_join_sanity
Created attachment 2135491 [details]
ASAN output confirming OOB read
Created attachment 2135493 [details]
Output confirming integer overflow
FEDORA-2026-e34a334e81 (corosync-3.1.10-5.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-e34a334e81 FEDORA-2026-ee4ff58256 (corosync-3.1.10-2.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-ee4ff58256 FEDORA-2026-95ee0edcd5 (corosync-3.1.9-4.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2026-95ee0edcd5 FEDORA-2026-95ee0edcd5 has been pushed to the Fedora 42 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-95ee0edcd5` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-95ee0edcd5 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2026-ee4ff58256 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-ee4ff58256` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-ee4ff58256 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2026-e34a334e81 has been pushed to the Fedora 44 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2026-e34a334e81` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2026-e34a334e81 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2026-ee4ff58256 (corosync-3.1.10-2.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2026-95ee0edcd5 (corosync-3.1.9-4.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2026-e34a334e81 (corosync-3.1.10-5.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report. |