Bug 3982 - [ANCK 5.10] CVE-2022-1184
Summary: [ANCK 5.10] CVE-2022-1184
Status: RESOLVED FIXED
Alias: None
Product: ANCK 5.10 Dev
Classification: ANCK
Component: fs (show other bugs) fs
Version: 5.10.y-13
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: ljubomir
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-08 09:44 UTC by ljubomir
Modified: 2023-02-09 10:27 UTC (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description ljubomir inspur_group 2023-02-08 09:44:39 UTC 
Description of problem:
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.

Version-Release number of selected component (if applicable):
kernel-5.10.134-13_rc1

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 ZiyangZhang alibaba_cloud_group 2023-02-08 15:43:08 UTC 
https://gitee.com/anolis/cloud-kernel/pulls/1145
Comment 3 Joseph Qi alibaba_cloud_group 2023-02-08 16:24:20 UTC 
(In reply to ZiyangZhang from comment #2)
> Hi ljubomir
> 
> Your PR: 
> https://gitee.com/anolis/cloud-kernel/pulls/1140
> misses a fix commit:
> https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/
> ?h=linux-5.10.y&id=483831ad0440f62c10d1707c97ce824bd82d98ae

Please add me as a reviewer so that I can merge this PR. My gitee id is 'josephhz', thanks.
Comment 4 Joseph Qi alibaba_cloud_group 2023-02-09 10:26:12 UTC 
merged