发布时间: 2023年3月15日
修改时间: 2024年11月30日
A flaw found in the Linux Kernel. For the Ext4 file system if overlay FS being used, use after free could happen as result of the race condition. The bug actual if patch 9a2544037600 not applied yet. Example for triggering in a overlay on ext4 setup:aio_read ovl_read_iter vfs_iter_read ext4_file_read_iter ext4_dio_read_iter iomap_dio_rw -> -EIOCBQUEUED /* * Here IO is completed in a separate thread, * ovl_aio_cleanup_handler() frees aio_req which has iocb embedded */ file_accessed(iocb->ki_filp); /**BOOM**/Reference:https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 7.8 | 7.0 |
| Attack Complexity | Low | High |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1193 | A flaw found in the Linux Kernel. For the Ext4 file system if overlay FS being used, use after free could happen as result of the race condition. The bug actual if patch 9a2544037600 not applied yet. Example for triggering in a overlay on ext4 setup:aio_read ovl_read_iter vfs_iter_read ext4_file_read_iter ext4_dio_read_iter iomap_dio_rw -> -EIOCBQUEUED /* * Here IO is completed in a separate thread, * ovl_aio_cleanup_handler() frees aio_req which has iocb embedded */ file_accessed(iocb->ki_filp); /**BOOM**/Reference:https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/ | 2023年3月15日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | kernel | Unaffected |
| KY3.4-5A | kernel | Unaffected |
| KY3.5.1 | kernel | Unaffected |
| KY3.5.2 | kernel | Unaffected |
