Google Git
Sign in
android / kernel / common / refs/tags/ASB-2019-01-05_4.9-o-release
tag3c16c94bee6a8ef34ad60565e84aca92b3902fa2
taggerTodd Kjos <tkjos@google.com>Mon Jan 07 10:44:14 2019 -0800
object36a41d574739d512b745f230fa07c44d92ee2278 
https://source.android.com/security/bulletin/2019-01-01
CVE-2018-10876
CVE-2018-10880
CVE-2018-10882
CVE-2018-13405
CVE-2018-18281
CVE-2018-17182
CVE-2018-10877
commit36a41d574739d512b745f230fa07c44d92ee2278[log] [tgz]
authorTheodore Ts'o <tytso@mit.edu>Thu Jun 14 12:55:10 2018 -0400
committerTodd Kjos <tkjos@google.com>Fri Jan 04 10:01:33 2019 -0800
treed56987b216e6b75dfcf76dba500b4d6912c44bfc
parentc579b139bea04041286b57f1db9f7185b00ef018 [diff]
ext4: verify the depth of extent tree in ext4_find_extent()

commit bc890a60247171294acc0bd67d211fa4b88d40ba upstream.

If there is a corupted file system where the claimed depth of the
extent tree is -1, this can cause a massive buffer overrun leading to
sadness.

This addresses CVE-2018-10877.

https://bugzilla.kernel.org/show_bug.cgi?id=199417

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2 files changed
tree: d56987b216e6b75dfcf76dba500b4d6912c44bfc
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. build.config.cuttlefish.x86_64
  29. build.config.goldfish.arm
  30. build.config.goldfish.arm64
  31. build.config.goldfish.mips
  32. build.config.goldfish.mips64
  33. build.config.goldfish.x86
  34. build.config.goldfish.x86_64
  35. COPYING
  36. CREDITS
  37. Kbuild
  38. Kconfig
  39. MAINTAINERS
  40. Makefile
  41. README
  42. REPORTING-BUGS