The Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

Upstream bug:
https://bugzilla.kernel.org/show_bug.cgi?id=199347

Upstream patch:
https://bugzilla.kernel.org/attachment.cgi?id=276147&action=diff
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8a2b307c21d4b290e3cbe33f768f194286d07c23
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1582348]
This issue has been addressed in the following products:

Red Hat Enterprise Linux 7

Via RHSA-2019:0162 https://access.redhat.com/errata/RHSA-2019:0162