Bugzilla – Bug 1157717
VUL-0: CVE-2019-19037: kernel-source: kernel: null-pointer dereference in ext4_empty_dir in fs/ext4/namei.c
Last modified: 2022-07-21 17:45:10 UTC
A vulnerability was found in ext4_empty_dir in fs/ext4/namei.c in the Linux kernel allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero.
Created attachment 825053 [details]
[PATCH] ext4: Fix ext4_empty_dir for directories with holes
This is the patch I've just submitted upstream.
The problem has been introduced by commit 4e19d6b65fb4 ("ext4: allow directory holes") which was merged into 5.3 so we need to fix only SLE15-SP2.
My fixes have been merged upstream as:
64d4ce892383 "ext4: fix ext4_empty_dir() for directories with holes"
109ba779d6cc "ext4: check for directory entries too close to block end"
I've pushed the fixes to SLE15-SP2 branch. Reassigning to security team for further handling.