CVE-2024-46688
Severity:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/09/2024
Last modified:
13/09/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails<br />
<br />
If z_erofs_gbuf_growsize() partially fails on a global buffer due to<br />
memory allocation failure or fault injection (as reported by syzbot [1]),<br />
new pages need to be freed by comparing to the existing pages to avoid<br />
memory leaks.<br />
<br />
However, the old gbuf->pages[] array may not be large enough, which can<br />
lead to null-ptr-deref or out-of-bound access.<br />
<br />
Fix this by checking against gbuf->nrpages in advance.<br />
<br />
[1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com