From nobody Wed Sep 6 04:20:13 2023 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RgTgM08znz4s3YD for ; Wed, 6 Sep 2023 04:20:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RgTgL6Dmmz3MKN for ; Wed, 6 Sep 2023 04:20:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1693974014; a=rsa-sha256; cv=none; b=WLDA+dX8iLWlLutvQh0Zid6RWcWeof+wyoj2gPhR2SyXtJ+1kn1g2xyAFApPFnAACvHCcw sKPu6qN382EbrZchry4xXN//DIYfl5nZhpAEKcjNB5kPhfW36sGD/6X3qhz88bSFFjDTVd QLhKU9Fn69lcSYXiCuACSqFNo2zrMP5Zj33XLj+ldSN7ff+IdxxEAl7uajkKVix7hN/M5+ 6HLHwkPuZX4MTJnLaJwqXxunJ4HST4AGxNuC8ubTX5LjGuRQ5yvtzWTAtqXIPCvDhbc/SV HQlr4NHRB8WrznRUPKaT5WLrL/T9D4IyCICfGWxiN8sQRF1DbbNjMvxqtvf/3Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1693974014; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=NNRxNfAlADStSTPH6fhEkEcKRfTWcmDHwsF39hbUn/k=; b=e7dI0jKQZ1DP+429b/7TflhdLkn9eGsvyGzCKgawr4d3lwfThKFhV+iMT8hmKEDQ7ibu+Y CCR+ChLwx7nnhwgSa64DhocMXV2mTWw31s9sob/bTRKnnxMBQWnIjeWs0WHjJL7SzvYuov XI9hesJPuRvo6wAGfL7aly+8XP/Lbd+TMcnLgJozvA7QPE7qH62riC3Bvq1tqCU5JSXhfj yx1uVtt8zLU6ELlRhnYIBkQNU+klbXgxxnwxX6qGm7pB7P8siiPJWz9mBkklZWt49RpDU2 rAzP/VosFlIDiYX5wPvgA85PILnq+V3zrFcPwLlvMA9Kh+ZCARHu34WKaHozdQ== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RgTgL59vGz11Nv for ; Wed, 6 Sep 2023 04:20:14 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3864KEQb072005 for ; Wed, 6 Sep 2023 04:20:14 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from bugzilla@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3864KEhE072004 for bugs@FreeBSD.org; Wed, 6 Sep 2023 04:20:14 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 266562] malicious Linux LVM label can cause crash during taste Date: Wed, 06 Sep 2023 04:20:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: commit-hook@FreeBSD.org X-Bugzilla-Status: In Progress X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@freebsd.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266562 --- Comment #7 from commit-hook@FreeBSD.org --- A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D809450c4b53109b6ca8a87054452f2b3b= 8f711aa commit 809450c4b53109b6ca8a87054452f2b3b8f711aa Author: Zhenlei Huang AuthorDate: 2023-08-22 09:20:10 +0000 Commit: Zhenlei Huang CommitDate: 2023-09-06 04:17:49 +0000 geom_linux_lvm: Check the offset of physical volume header The LVM label is stored on any of the first four sectors, and the PV (physical volume) header is stored within the same sector following the LVM label. The current implementation does not fully check the offset of PV header, when attaching a bad formatted LVM PV the kernel may crash due to out-of-bounds memory read. PR: 266562 Reviewed by: jhb MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D36773 (cherry picked from commit c941b82e1c31a67a025c43cc7bd31f269fa62588) sys/geom/linux_lvm/g_linux_lvm.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=