There is a flaw in the Linux kernel file system metadata validator in XFS which may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt, which will shut down the filesystem and render it inaccessible until it is remounted. To trigger this flaw, a specific extended attribute name/value pair must be created.
It is possible that, after this failure and before a reboot, mounting other partitions will not work (although other already-mounted partitions still work well until reboot, and a new mount from an image file should work too).
This is a user-triggerable denial of service.
A patch to fix the issue:
Name: Dr. David Alan Gilbert (redhat.com)
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1874811]
This flaw was introduced in kernel 4.16, with commit
1e1bbd8e7ee06 ("xfs: create structure verifier function for shortform xattrs")
This is still relevant for RHEL 7 (even though kernel 3.10 is lower than 4.16), because of this commit:
176cad912b2b fs/xfs/libxfs/xfs_attr_leaf.c (Carlos Maiolino 2019-07-10 09:40:03 -0400 927) if (((char *)sfep + sizeof(*sfep)) >= endp)
FEDORA-2020-708b23f2ce has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
(In reply to Eric Christensen from comment #24)
> Because only a local user can trigger this flaw, the impact has been reduced
> to Moderate.
Note that 'local' can include an unprivileged user in an OpenShift container.
Only local users, including unprivileged users in a container, can trigger this flaw. However, the impact could be high, especially on multi-tenant systems, because after the attack the system is rendered inaccessible for some time (at least until reboot), so the impact has been increased to Important.