Bug 6137 - [ 4.19] Bugfix for CVE-2023-34256
Summary: [ 4.19] Bugfix for CVE-2023-34256
Status: NEW
Alias: None
Product: Anolis OS 8
Classification: Anolis OS
Component: kernel - anck-4.19
Version: 8.2
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: maqiao_mq
QA Contact: shuming
 
Reported: 2023-08-08 16:20 UTC by Zh_hhhhh
Modified: 2023-08-08 16:20 UTC

Attachments
Fix the bug (61.29 KB, image/png)
2023-08-08 16:20 UTC, Zh_hhhhh

Description Zh_hhhhh cmss_group 2023-08-08 16:20:56 UTC
Created attachment 868
Fix the bug

Description of problem:

Fix the bug CVE-2023-34256

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

When called from fs/ext4/super.c, there was an out-of-bounds read in crc16 in lib/crc16.c because ext4_group_desc_csum didn't check the offset properly.