Bug 2187439 (CVE-2023-2124) - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
Summary: CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem
Keywords:
Status: NEW
Alias: CVE-2023-2124
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2187444 2187445 2187446 2187447 2187448 2187449 2187450 2187451 2187452 2187453 2187454 2187455 2187456 2187457 2187458 2187459 2187460 2187461 2187462 2187463 2187464 2187465 2187466 2187467 2187468 2187469 2187470 2187472 2187473 2187474 2187475 2187476 2187477 2187478 2187479 2187612 2187963 2203593 2203594
Blocks: 2187430
Reported: 2023-04-17 17:06 UTC by Alex
Modified: 2024-02-07 12:56 UTC (History)

Fixed In Version: kernel 6.4-rc1
Doc Text:
An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2023:5149 | 0 | None | None | None | 2023-09-14 05:20:38 UTC
Red Hat Product Errata | RHSA-2023:3708 | 0 | None | None | None | 2023-06-21 14:38:37 UTC
Red Hat Product Errata | RHSA-2023:3723 | 0 | None | None | None | 2023-06-21 14:39:13 UTC
Red Hat Product Errata | RHSA-2023:4137 | 0 | None | None | None | 2023-07-18 08:28:42 UTC
Red Hat Product Errata | RHSA-2023:4138 | 0 | None | None | None | 2023-07-18 08:28:53 UTC
Red Hat Product Errata | RHSA-2023:4515 | 0 | None | None | None | 2023-08-08 07:22:31 UTC
Red Hat Product Errata | RHSA-2023:4517 | 0 | None | None | None | 2023-08-08 08:19:52 UTC
Red Hat Product Errata | RHSA-2023:4541 | 0 | None | None | None | 2023-08-08 07:54:20 UTC
Red Hat Product Errata | RHSA-2023:4789 | 0 | None | None | None | 2023-08-29 08:44:08 UTC
Red Hat Product Errata | RHSA-2023:4815 | 0 | None | None | None | 2023-08-29 09:23:00 UTC
Red Hat Product Errata | RHSA-2023:4817 | 0 | None | None | None | 2023-08-29 09:21:42 UTC
Red Hat Product Errata | RHSA-2023:4961 | 0 | None | None | None | 2023-09-05 08:58:47 UTC
Red Hat Product Errata | RHSA-2023:4962 | 0 | None | None | None | 2023-09-05 09:06:36 UTC

Description Alex 2023-04-17 17:06:24 UTC
A flaw was found in the Linux kernel's XFS file system. When mounting a user-supplied XFS disk image, an out-of-bounds memory access can happen. It happens in a corner case when the data in the log journal of the XFS image differs from the on-disk buffer that appears to be newer (so this is a dirty log case).

Reference:
https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d
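
The condition described above (an on-disk buffer that appears newer than its journal copy), as an added example that is not part of the original report and is not kernel code. It is a simplified model that assumes recovery skips replay for such a buffer, and shows why the skipped buffer still needs a content check; `struct blk`, `blk_verify`, `recover_blk` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RECS 8   /* capacity of the record array in one metadata block */

/* Hypothetical metadata block; the same layout serves as the journal copy. */
struct blk {
    uint64_t lsn;             /* sequence number of the last write */
    uint32_t nrecs;           /* record count, read from the image: untrusted */
    uint32_t recs[MAX_RECS];
};

/* Structural check: 0 if the block is sane, -1 if it is corrupt. */
static int blk_verify(const struct blk *b)
{
    return b->nrecs <= MAX_RECS ? 0 : -1;
}

/*
 * Replay one journal entry onto the on-disk block. When the on-disk block
 * claims to be at least as new as the entry, replay is skipped. With
 * verify_on_skip == 0 the skipped block is accepted unchecked (weak form);
 * with verify_on_skip == 1 it is verified before being accepted.
 */
static int recover_blk(struct blk *disk, const struct blk *logged, int verify_on_skip)
{
    if (disk->lsn >= logged->lsn)
        return verify_on_skip ? blk_verify(disk) : 0;
    if (blk_verify(logged) != 0)
        return -1;
    memcpy(disk, logged, sizeof(*disk));
    return 0;
}

/* Constructed sample: on-disk block with a "newer" LSN and an oversized count. */
static int demo(int verify_on_skip)
{
    struct blk disk = { .lsn = 100, .nrecs = 4096 };
    struct blk logged = { .lsn = 50, .nrecs = 2, .recs = { 7, 9 } };
    return recover_blk(&disk, &logged, verify_on_skip);
}

int main(void)
{
    printf("skip without verify: %d\n", demo(0));  /* corrupt block accepted */
    printf("skip with verify:    %d\n", demo(1));  /* corrupt block rejected */
    return 0;
}
```

Any later consumer that indexes `recs` by `nrecs` reads past the array when the unchecked form lets the block through.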

Comment 14 Alex 2023-04-19 09:18:49 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2187963]

Comment 17 Andrey Albershteyn (aalbersh) 2023-05-05 08:54:15 UTC
@allarkin Hi Alex, could you also create RHEL7 issues for this CVE? The fix is also applicable for RHEL7, so, this would make sense to also backport it there.

Comment 18 Alex 2023-05-07 09:47:27 UTC
In reply to comment #17:
> @allarkin Hi Alex, could you also create RHEL7 issues for this
> CVE? The fix is also applicable for RHEL7, so, this would make sense to also
> backport it there.

Decreased severity of this one from High to Moderate, because:
"The C reproducer does not reproduce the issue on latest 8.8/9.2 kernel, neither on Fedora with 6.3-rc7.eln kernel or 9.3 with the 6.3 common kernel.",
and also the CVSS=7 is between Moderate and High.
More comments about this decrease inside bug 2187446

For Red Hat 7 we usually omit fixes if Moderate, so I set "OOSS".
However, do you think we need to fix it for RHEL7 anyway?

Comment 21 Andrey Albershteyn (aalbersh) 2023-05-11 13:27:08 UTC
(In reply to Alex from comment #18)
> In reply to comment #17:
> > @allarkin Hi Alex, could you also create RHEL7 issues for this
> > CVE? The fix is also applicable for RHEL7, so, this would make sense to also
> > backport it there.
> 
> Decreased severity of this one from High to Moderate, because:
> "
> The C reproducer does not reproduce the issue on latest 8.8/9.2 kernel,
> neither on Fedora with 6.3-rc7.eln kernel or 9.3 with the 6.3 common kernel."
> , and also the CVSS=7 is between Moderate and High.
> More comments about this decrease inside Red Hat bug 2187446
> 
> For Red Hat 7 usually we omit fixes if Moderate, so I set "OOSS".
> However, do you think if need to fix for rhel7 anyway?

Hi Alex,

Sorry for the late reply, yeah, I think it makes sense to fix it anyway.
The code path exists and the fix is quite simple, so it makes sense to me.

Comment 23 Alex 2023-05-14 11:48:28 UTC
In reply to comment #21:
> (In reply to Alex from comment #18)
> > In reply to comment #17:
> > > @allarkin Hi Alex, could you also create RHEL7 issues for this
> > > CVE? The fix is also applicable for RHEL7, so, this would make sense to also
> > > backport it there.
> > 
> > Decreased severity of this one from High to Moderate, because:
> > "
> > The C reproducer does not reproduce the issue on latest 8.8/9.2 kernel,
> > neither on Fedora with 6.3-rc7.eln kernel or 9.3 with the 6.3 common kernel."
> > , and also the CVSS=7 is between Moderate and High.
> > More comments about this decrease inside Red Hat bug 2187446
> > 
> > For Red Hat 7 usually we omit fixes if Moderate, so I set "OOSS".
> > However, do you think if need to fix for rhel7 anyway?
> 
> Hi Alex,
> 
> Sorry for late reply, yeah I think this make sense to fix it anyway. 
> The code path exists and fix is quite simple, so make sense to me.

OK, filed trackers for rhel9.

Comment 24 errata-xmlrpc 2023-06-21 14:38:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3708 https://access.redhat.com/errata/RHSA-2023:3708

Comment 25 errata-xmlrpc 2023-06-21 14:39:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3723 https://access.redhat.com/errata/RHSA-2023:3723

Comment 27 errata-xmlrpc 2023-07-18 08:28:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4137 https://access.redhat.com/errata/RHSA-2023:4137

Comment 28 errata-xmlrpc 2023-07-18 08:28:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:4138 https://access.redhat.com/errata/RHSA-2023:4138

Comment 29 errata-xmlrpc 2023-08-08 07:22:27 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:4515 https://access.redhat.com/errata/RHSA-2023:4515

Comment 30 errata-xmlrpc 2023-08-08 07:54:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4541 https://access.redhat.com/errata/RHSA-2023:4541

Comment 31 errata-xmlrpc 2023-08-08 08:19:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:4517 https://access.redhat.com/errata/RHSA-2023:4517

Comment 32 errata-xmlrpc 2023-08-29 08:44:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:4789 https://access.redhat.com/errata/RHSA-2023:4789

Comment 33 errata-xmlrpc 2023-08-29 09:21:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4817 https://access.redhat.com/errata/RHSA-2023:4817

Comment 34 errata-xmlrpc 2023-08-29 09:22:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:4815 https://access.redhat.com/errata/RHSA-2023:4815

Comment 35 errata-xmlrpc 2023-09-05 08:58:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4961 https://access.redhat.com/errata/RHSA-2023:4961

Comment 36 errata-xmlrpc 2023-09-05 09:06:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:4962 https://access.redhat.com/errata/RHSA-2023:4962
