[PATCH] ntfs: Fix validity check for file name attribute
Rolf Eike Beer
eb at emlix.com
Thu Jul 29 08:31:45 UTC 2021
Hi,
I was just scanning through some older vulnerabilities and came across
CVE-2018-12929, CVE-2018-12930, and CVE-2018-12931, which are all still open
according to linuxkernelcves.com (originally reported against 4.15 [1]). I
looked into the commits in fs/ntfs/ from 4.15 onwards to see if they were just
missed, but I can't spot anything there. RedHat claims to have them fixed in
one of their kernels [2].
Which makes me wonder if the issue fixed here is a duplicate of the any of the
above. Is there a reason I can't find any patches for the original issue in
tree, like the issue only introduced in a custom patchset that Ubuntu/RedHat
were using? Is this thing worth it's own CVE if it's no duplicate?
Greetings,
Eike
1) https://marc.info/?t=152407734400002&r=1&w=2
2) https://access.redhat.com/errata/RHSA-2019:0641
--
Rolf Eike Beer, emlix GmbH, http://www.emlix.com
Fon +49 551 30664-0, Fax +49 551 30664-11
Gothaer Platz 3, 37083 Göttingen, Germany
Sitz der Gesellschaft: Göttingen, Amtsgericht Göttingen HR B 3160
Geschäftsführung: Heike Jordan, Dr. Uwe Kracke – Ust-IdNr.: DE 205 198 055
emlix - smart embedded open source
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 313 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxfoundation.org/pipermail/linux-kernel-mentees/attachments/20210729/024a1fea/attachment.sig>
More information about the Linux-kernel-mentees
mailing list