摘要:
A flaw found in the Linux Kernel. For the Ext4 file system if overlay FS being used, use after free could happen as result of the race condition. The bug actual if patch 9a2544037600 not applied yet. Example for triggering in a overlay on ext4 setup:aio_read ovl_read_iter vfs_iter_read ext4_file_read_iter ext4_dio_read_iter iomap_dio_rw -> -EIOCBQUEUED /* * Here IO is completed in a separate thread, * ovl_aio_cleanup_handler() frees aio_req which has iocb embedded */ file_accessed(iocb->ki_filp); /**BOOM**/Reference:https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/
安全等级: Low
公告ID: KylinSec-SA-2023-1193
发布日期: 2023年3月15日
关联CVE: CVE-2023-1252
A flaw found in the Linux Kernel. For the Ext4 file system if overlay FS being used, use after free could happen as result of the race condition. The bug actual if patch 9a2544037600 not applied yet. Example for triggering in a overlay on ext4 setup:aio_read ovl_read_iter vfs_iter_read ext4_file_read_iter ext4_dio_read_iter iomap_dio_rw -> -EIOCBQUEUED /* * Here IO is completed in a separate thread, * ovl_aio_cleanup_handler() frees aio_req which has iocb embedded */ file_accessed(iocb->ki_filp); /**BOOM**/Reference:https://lore.kernel.org/lkml/20211115165433.449951285@linuxfoundation.org/
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2023-1252 | KY3.4-4A | kernel | Unaffected |
| CVE-2023-1252 | KY3.4-5A | kernel | Unaffected |
| CVE-2023-1252 | KY3.5.1 | kernel | Unaffected |
