Bug 1157717 - (CVE-2019-19037) VUL-0: CVE-2019-19037: kernel-source: kernel: null-pointer dereference in ext4_empty_dir in fs/ext4/namei.c
(CVE-2019-19037)
VUL-0: CVE-2019-19037: kernel-source: kernel: null-pointer dereference in ext...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/247695/
CVSSv2:NVD:CVE-2019-19037:4.3:(AV:N/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-11-25 15:54 UTC by Wolfgang Frisch
Modified: 2022-07-21 17:45 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
[PATCH] ext4: Fix ext4_empty_dir for directories with holes (3.35 KB, patch)
2019-11-27 13:14 UTC, Jan Kara
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-11-25 15:54:57 UTC
CVE-2019-19037

A vulnerability was found in ext4_empty_dir in fs/ext4/namei.c in the Linux kernel allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.

Reference:
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1775182
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19037
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19037.html
https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19037
Comment 2 Jan Kara 2019-11-27 13:14:42 UTC
Created attachment 825053 [details]
[PATCH] ext4: Fix ext4_empty_dir for directories with holes

This is the patch I've just submitted upstream.
Comment 3 Jan Kara 2019-11-27 13:16:11 UTC
The problem has been introduced by commit 4e19d6b65fb4 ("ext4: allow directory holes") which was merged into 5.3 so we need to fix only SLE15-SP2.
Comment 4 Jan Kara 2019-12-23 16:18:02 UTC
My fixes have been merged upstream as:

64d4ce892383 "ext4: fix ext4_empty_dir() for directories with holes"
109ba779d6cc "ext4: check for directory entries too close to block end"

I've pushed the fixes to SLE15-SP2 branch. Reassigning to security team for further handling.
Comment 5 Alexandros Toptsoglou 2020-04-29 13:41:29 UTC
Closing