操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

CVE-2024-53235

发布时间: 2024年12月28日

修改时间: 2025年1月11日

概要

In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625 Unlike most filesystems, some network filesystems and FUSE need unavoidable valid `file` pointers for their read I/Os [1]. Anyway, those use cases need to be supported too. [1] https://docs.kernel.org/filesystems/vfs.html

CVSS v3 指标

	NVD	openEuler
Confidentiality	None	Low
Attack Vector	Local	Local
CVSS评分	5.5	3.9
Attack Complexity	Low	High
Privileges Required	Low	High
Scope	Unchanged	Unchanged
Integrity	None	Low
User Interaction	None	None
Availability	High	Low

安全公告

公告名	概要	发布时间
KylinSec-SA-2024-4543	In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625 Unlike most filesystems, some network filesystems and FUSE need unavoidable valid `file` pointers for their read I/Os [1]. Anyway, those use cases need to be supported too. [1] https://docs.kernel.org/filesystems/vfs.html	2025年1月15日

影响产品

产品	包	状态
KY3.4-5	kernel	Unaffected
KY3.5.2	kernel	Unaffected
KY3.5.3	kernel	Unaffected
V6	kernel	Unaffected

操作系统+

概要

CVSS v3 指标

安全公告

影响产品

产品中心

解决方案

技术支持

生态与合作

分支机构