[PATCH] ntfs: Fix validity check for file name attribute
Desmond Cheong Zhi Xi
desmondcheongzx at gmail.com
Thu Jul 29 11:56:09 UTC 2021
On 29/7/21 4:31 pm, Rolf Eike Beer wrote:
> I was just scanning through some older vulnerabilities and came across
> CVE-2018-12929, CVE-2018-12930, and CVE-2018-12931, which are all still open
> according to linuxkernelcves.com (originally reported against 4.15 ). I
> looked into the commits in fs/ntfs/ from 4.15 onwards to see if they were just
> missed, but I can't spot anything there. RedHat claims to have them fixed in
> one of their kernels .
> Which makes me wonder if the issue fixed here is a duplicate of the any of the
> above. Is there a reason I can't find any patches for the original issue in
> tree, like the issue only introduced in a custom patchset that Ubuntu/RedHat
> were using? Is this thing worth it's own CVE if it's no duplicate?
> 1) https://marc.info/?t=152407734400002&r=1&w=2
> 2) https://access.redhat.com/errata/RHSA-2019:0641
Thanks for digging into this. From a first glance, this bug seems most
similar to CVE-2018-12929.
However, from the logs, the root causes are probably different. The
cause of this bug is specifically in the call to
ntfs_is_extended_system_file , but from what I can see this is not
the case for CVE-2018-12929. I don't know enough to comment whether it
needs a CVE, but it has been patched on Linux stable (up to 4.4).
It's worth noting that there's another similar bug that was fixed by
Rustam Kovhaev (+cc) in ntfs_read_locked_inode . This may or may not
have been the issue in CVE-2018-12929.
More information about the Linux-kernel-mentees