mirror of
https://github.com/torvalds/linux.git
synced 2026-05-31 02:24:24 +02:00
82ebecdc74
We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability. Co-developed-by: Seunghun Han <kkamagui@gmail.com> Signed-off-by: Seunghun Han <kkamagui@gmail.com> Co-developed-by: Jihoon Kwon <jimmyxyz010315@gmail.com> Signed-off-by: Jihoon Kwon <jimmyxyz010315@gmail.com> Signed-off-by: Jaehun Gou <p22gone@gmail.com> Signed-off-by: Namjae Jeon <linkinjeon@kernel.org> |
||
|---|---|---|
| .. | ||
| balloc.c | ||
| cache.c | ||
| dir.c | ||
| exfat_fs.h | ||
| exfat_raw.h | ||
| fatent.c | ||
| file.c | ||
| inode.c | ||
| Kconfig | ||
| Makefile | ||
| misc.c | ||
| namei.c | ||
| nls.c | ||
| super.c | ||