Several potential vulnerabilities in the filesystem

Gao Xiang hsiangkao at linux.alibaba.com
Wed Jun 5 05:10:34 CEST 2024



On 2024/6/5 06:53, jianqiang wang wrote:
> Hi Das U-Boot developers,
> 

...

> 
> 2. in file fs/erofs/data.c, function z_erofs_read_one_data, the node
> data is read from the storage, however, without a proper check, the
> data can be corrupted. For example, the inode data is used in function
> z_erofs_read_data, map.m_llen will be calculated to a very large
> value, which means the length variable will be very large. It will
> cause a large memory clear with memset(buffer + end - offset, 0,
> length);

Would you mind giving a reproducer or a crafted image to trigger
this? Or is it your pure observation?

Thanks,
Gao Xiang
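
The failure mode in the quoted report is an extent length computed from on-disk metadata reaching `memset` unchecked; clamping the zero-fill to the caller's read window closes it. The C code below is an added example, not code from U-Boot or from this thread: `zero_fill_hole`, `struct extent_map` and the `m_la` field are hypothetical, and only `m_llen` and the `memset` pattern come from the report.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical mapping result; only m_llen is a name taken from the report. */
struct extent_map {
    uint64_t m_la;   /* logical start of the extent (assumed field) */
    uint64_t m_llen; /* logical length, computed from on-disk metadata */
};

/*
 * Zero the part of a hole extent that overlaps the read window
 * [offset, offset + size), where buffer holds exactly size bytes.
 * Returns the number of bytes zeroed, or a negative errno when the
 * mapping cannot describe a valid extent for this window.
 */
int64_t zero_fill_hole(uint8_t *buffer, uint64_t offset, uint64_t size,
                       const struct extent_map *map)
{
    uint64_t win_end, ext_end, start, stop;

    if (!buffer || !map || size == 0 || size > SIZE_MAX / 2)
        return -EINVAL;
    /* Reject a window or an extent whose end wraps around 2^64. */
    if (offset > UINT64_MAX - size)
        return -EINVAL;
    if (map->m_llen == 0 || map->m_la > UINT64_MAX - map->m_llen)
        return -EIO; /* treated as corrupted metadata */
    win_end = offset + size;
    ext_end = map->m_la + map->m_llen;

    /* An extent that misses the requested window is not usable either. */
    if (ext_end <= offset || map->m_la >= win_end)
        return -EIO;

    /* Clamp to the intersection so the write cannot leave the buffer. */
    start = map->m_la > offset ? map->m_la : offset;
    stop = ext_end < win_end ? ext_end : win_end;
    memset(buffer + (start - offset), 0, (size_t)(stop - start));
    return (int64_t)(stop - start);
}
```

With this shape, an oversized `m_llen` from a damaged image zeroes at most `size` bytes, and a length that wraps the 64-bit range is rejected before any write.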


