* ntfs3: CVE-2022-3238
@ 2022-11-02 6:33 zhongjinghua
0 siblings, 0 replies; only message in thread
From: zhongjinghua @ 2022-11-02 6:33 UTC (permalink / raw)
To: almaz.alexandrovich@paragon-software.com; +Cc: ntfs3@lists.linux.dev
Hi !
I have a question to ask for CVE-2022-3238.
This issue seems to have been fixed by the mainline patch: cd39981fb92adf0cc736112f87e3e61602baa415.
I didn't reproduce the problem when I verified the mainline code, but it did when I rolled back this patch.
So I would like to ask if this patch is a patch to fix this CVE problem.
CVE link: https://access.redhat.com/security/cve/CVE-2022-3238
Vulnerability trigger path:
------remount------
do_mount
path_mount
do_remount
put_fs_context
fc->ops->free(fc);
ntfs_fs_free
put_mount_options
kfree(opts->nls_name);
------umount------
kill_block_super
generic_shutdown_super
ntfs_put_super
put_mount_options
kfree(opts->nls_name);
cd39981fb92adf0cc736112f87e3e61602baa415:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v6.1-rc3&id=cd39981fb92adf0cc736112f87e3e61602baa415
This problem triggers:
ntfs_init_fs_context:
sbi->options = opts;
fc->s_fs_info = sbi;
ok:
fc->fs_private = opts;
fc->ops = &ntfs_context_ops;
The two references are the same.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-11-02 6:50 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-02 6:33 ntfs3: CVE-2022-3238 zhongjinghua
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox