CVE-2024-26590

Summary

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix inconsistent per-file compression format

EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization.

However, syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA algorithmtype even it's not set in sbi->available_compr_algs. This can lead to an unexpected "BUG: kernel NULL pointer dereference" if the corresponding decompressor isn't built-in.

Fix this by checking against sbi->available_compr_algs for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8f89926290c4b3d31748d5089b27952243be0693 < 47467e04816cb297905c0f09bc2d11ef865942d9affected
LinuxLinux8f89926290c4b3d31748d5089b27952243be0693 < 823ba1d2106019ddf195287ba53057aee33cf724affected
LinuxLinux8f89926290c4b3d31748d5089b27952243be0693 < eed24b816e50c6cd18cbee0ff0d7218c8fced199affected
LinuxLinux8f89926290c4b3d31748d5089b27952243be0693 < 118a8cf504d7dfa519562d000f423ee3ca75d2c4affected
LinuxLinux5.16affected
LinuxLinux0 < 5.16unaffected
LinuxLinux6.1.80 <= 6.1.*unaffected
LinuxLinux6.6.14 <= 6.6.*unaffected
LinuxLinux6.7.2 <= 6.7.*unaffected
LinuxLinux6.8 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References