Several user-accessible mount helpers use insecure defaults which allow ext2/3/4 file systems to cause a denial of service (kernel panic) upon mounting a crafted image. This is especially relevant when mounts can be caused by unprivileged users or are configured to happen automatically and completely unauthorized.
External Reference: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
Created udisks2 tracking bugs for this issue:
Affects: fedora-all [bug 2003650]
Copyright license of original report: https://creativecommons.org/licenses/by/3.0/deed.en
Fix available upstream as part of the udisks-2.9.4 release: https://github.com/storaged-project/udisks/releases/tag/udisks-2.9.4
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2022:1820 https://access.redhat.com/errata/RHSA-2022:1820
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3802