Bug 1053154 - (CVE-2017-10662) VUL-0: CVE-2017-10662: kernel-source: f2fs: sanity check segment count
(CVE-2017-10662)
VUL-0: CVE-2017-10662: kernel-source: f2fs: sanity check segment count
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.2
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/190207/
CVSSv3:RedHat:CVE-2017-10662:4.7:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-10 06:06 UTC by Marcus Meissner
Modified: 2017-08-15 08:58 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-08-10 06:06:59 UTC
CVE-2017-10662

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124

author	Jin Qian <jinqian@google.com>	2017-04-25 16:28:48 -0700
committer	Jaegeuk Kim <jaegeuk@kernel.org>	2017-05-02 21:19:48 -0700
commit	b9dd46188edc2f0d1f37328637860bb65a771124 (patch)
tree	9476c2adfe493a9b3f91f3e8363a3e269b21cde6
parent	a817737e87d506ea7b3983d287b4578c99922d85 (diff)
download	linux-stable-b9dd46188edc2f0d1f37328637860bb65a771124.tar.gz
f2fs: sanity check segment count
F2FS uses 4 bytes to represent block address. As a result, supported
size of disk is 16 TB and it equals to 16 * 1024 * 1024 / 2 segments.

Signed-off-by: Jin Qian <jinqian@google.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-10662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10662
Comment 1 Marcus Meissner 2017-08-10 06:09:25 UTC
CONFIG_F2FS_FS is not set in all SLES branches.

CONFIG_F2FS_FS=m in Leap and master branches.
Comment 2 Takashi Iwai 2017-08-15 08:43:28 UTC
The upstream fix commit is included in 4.12-rc1, so TW and SLE15 already have it.
It's backported to 4.4.68 stable, so SLE12-SP2/SP3/openSUSE-42.2/42.3 already have it, too.

Since f2fs is enabled only on openSUSE, all done now.
Reassigned back to security team.
Comment 3 Marcus Meissner 2017-08-15 08:58:15 UTC
done then