In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix kernel bug on rename operation of broken directory
Syzbot reported that in rename directory operation on broken directory on nilfs2, _blockwritebeginint() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size.
This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories.
Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot().
[ { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f61514374e4a0c3b65b08c6024dd7e26150bfd", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "233986328148806198969531406586366691198", "23029675626361168811252012790843546629", "255974639244616156390142034779067610054", "179660888278472264836234408754730857823", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-0852e707" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7000b438dda9d0f41a956fc9bffed92d2eb6be0d", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "233986328148806198969531406586366691198", "23029675626361168811252012790843546629", "255974639244616156390142034779067610054", "179660888278472264836234408754730857823", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-0ef662f4" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a9a466a69b85059b341239766a10efdd3ee68a4b", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "233986328148806198969531406586366691198", "23029675626361168811252012790843546629", "255974639244616156390142034779067610054", "179660888278472264836234408754730857823", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-15ffae15" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a8879c0771a68d70ee2e5e66eea34207e8c6231", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-23efb0cb" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a9e1ddc09ca55746079cc479aa3eb6411f0d99d4", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-26715899" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a9e1ddc09ca55746079cc479aa3eb6411f0d99d4", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "169815808457861609540734625843669778394", "164819012969209554755978001983478901194", "212079206363558961604634644492224537104", "148468369276511007771030585900038375553", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-389536bc" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ff9767ba2cb949701e45e6e4287f8af82986b703", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "233986328148806198969531406586366691198", "23029675626361168811252012790843546629", "255974639244616156390142034779067610054", "179660888278472264836234408754730857823", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-53ccba57" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a9a466a69b85059b341239766a10efdd3ee68a4b", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-76b04bef" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7000b438dda9d0f41a956fc9bffed92d2eb6be0d", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-82a124f3" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "169815808457861609540734625843669778394", "164819012969209554755978001983478901194", "212079206363558961604634644492224537104", "148468369276511007771030585900038375553", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-8327a2e4" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@60f61514374e4a0c3b65b08c6024dd7e26150bfd", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-990dc71d" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@24c1c8566a9b6be51f5347be2ea76e25fc82b11e", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-9feaf4a5" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ff9767ba2cb949701e45e6e4287f8af82986b703", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-bebe4eb7" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@24c1c8566a9b6be51f5347be2ea76e25fc82b11e", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "233986328148806198969531406586366691198", "23029675626361168811252012790843546629", "255974639244616156390142034779067610054", "179660888278472264836234408754730857823", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-dbf1f830" }, { "signature_type": "Function", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5", "signature_version": "v1", "target": { "function": "nilfs_dotdot", "file": "fs/nilfs2/dir.c" }, "digest": { "function_hash": "191310616935309645783723372307716625050", "length": 167.0 }, "id": "CVE-2024-41034-eff7205e" }, { "signature_type": "Line", "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1a8879c0771a68d70ee2e5e66eea34207e8c6231", "signature_version": "v1", "target": { "file": "fs/nilfs2/dir.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "233986328148806198969531406586366691198", "23029675626361168811252012790843546629", "255974639244616156390142034779067610054", "179660888278472264836234408754730857823", "22530253043379557869801996345432406553", "7813660654970410081647615908668440556", "267287973696938374508803064456227243889" ] }, "id": "CVE-2024-41034-f6c21f33" } ]