概要

In the Linux kernel, the following vulnerability has been resolved:erofs: fix inconsistent per-file compression formatEROFS can select compression algorithms on a per-file basis, and eachper-file compression algorithm needs to be marked in the on-disksuperblock for initialization.However, syzkaller can generate inconsistent crafted images that usean unsupported algorithmtype for specific inodes, e.g. use MicroLZMAalgorithmtype even it s not set in `sbi->available_compr_algs`. Thiscan lead to an unexpected BUG: kernel NULL pointer dereference ifthe corresponding decompressor isn t built-in.Fix this by checking against `sbi->available_compr_algs` for eachm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs presetbitmap is now fixed together since it was harmless previously.

CVSS v3 指标

安全公告

影响产品