Date: Fri, 24 Dec 2021 22:20:14 -0500 From: Wenqing Liu <liu@...fsu.edu> To: oss-security@...ts.openwall.com Subject: CVE-2021-45469: Linux kernel: an out-of-bounds memory access in fs/f2fs/xattr.c __f2fs_setxattr Description: In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. Could cause denial of service or other issues when mounting and operate on the crafted image. References: https://bugzilla.kernel.org/show_bug.cgi?id=215235 https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.