1481149 – (CVE-2017-10663) CVE-2017-10663 kernel: Missing sanity check for segno and blkoff read

Bug 1481149 (CVE-2017-10663) - CVE-2017-10663 kernel: Missing sanity check for segno and blkoff read

Summary: CVE-2017-10663 kernel: Missing sanity check for segno and blkoff read

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2017-10663
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1481153
Blocks:	1481154
TreeView+	depends on / blocked

Reported:	2017-08-14 08:39 UTC by Adam Mariš
Modified:	2021-02-17 01:43 UTC (History)
CC List:	37 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before version 4.12.4 does not validate the blkoff and segno arrays. This allows an unprivileged, local user to cause a system panic and DoS. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.
Clone Of:
Environment:
Last Closed:	2017-08-27 15:39:55 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2017-08-14 08:39:08 UTC

The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows an unprivileged local user to cause a system panic and DoS. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

References:

https://source.android.com/security/bulletin/2017-08-01#kernel-components

https://sourceforge.net/p/linux-f2fs/mailman/message/35835945/

Upstream patch:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a

Comment 1 Adam Mariš 2017-08-14 08:47:18 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1481153]

Comment 4 Vladis Dronov 2017-08-27 15:39:55 UTC

Statement:

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 as the code with the flaw is not built and shipped with the products listed.

Comment 5 Justin M. Forbes 2018-01-29 16:30:32 UTC

This was fixed for Fedora with the 4.12.4 stable updates

Note You need to log in before you can comment on or make changes to this bug.

agordeev
aquini
bhu
blc
dhoward
esammons
fhrbata
gansalmon
hkrzesin
hwkernel-mgr
iboverma
ichavero
itamar
jforbes
jkacur
jonathan
jross
jwboyer
kernel-maint
kernel-mgr
labbott
lgoncalv
lwang
madhu.chinakonda
matt
mchehab
mcressma
mguzik
mlangsdo
nmurray
pholasek
plougher
rt-maint
rvrbovsk
slawomir
vdronov
williams