Several potential vulnerabilities in the filesystem
Gao Xiang
hsiangkao at linux.alibaba.com
Wed Jun 5 05:10:34 CEST 2024
On 2024/6/5 06:53, jianqiang wang wrote:
> Hi Das U-Boot developers,
>
...
>
> 2. in file fs/erofs/data.c, function z_erofs_read_one_data, the node
> data is read from the storage, however, without a proper check, the
> data can be corrupted. For example, the inode data is used in function
> z_erofs_read_data, map.m_llen will be calculated to a very large
> value, which means the length variable will be very large. It will
> cause a large memory clear with memset(buffer + end - offset, 0,
> length);
Would you mind giving a reproducer or a crafted image to trigger
this? Or it's your pure observation.
Thanks,
Gao XIang
More information about the U-Boot
mailing list