Bugzilla – Bug 1227432
VUL-0: CVE-2024-39472: kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup
Last modified: 2024-07-18 14:01:49 UTC
In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks") cleaned up the log reover buffer calculation, but stoped using the fixed up h_size value to size the log recovery buffer, which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool, but a fuzzer. Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-39472 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-39472.mbox https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a https://www.cve.org/CVERecord?id=CVE-2024-39472
upstream commit 45cf976008dd backported and pushed to SLE15-SP{5,6}, pending merging. Assigning to sec.