Date: Wed, 06 Sep 2023 04:53:26 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 266562] malicious Linux LVM label can cause crash during taste Message-ID: <bug-266562-227-pY7HFjHZGg@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-266562-227@https.bugs.freebsd.org/bugzilla/> References: <bug-266562-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266562 --- Comment #8 from commit-hook@FreeBSD.org --- A commit in branch stable/12 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D70e32e5b52d9b34bdc205f04a616998ef= fc493b0 commit 70e32e5b52d9b34bdc205f04a616998effc493b0 Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2023-08-22 09:20:10 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2023-09-06 04:32:56 +0000 geom_linux_lvm: Check the offset of physical volume header The LVM label is stored on any of the first four sectors, and the PV (physical volume) header is stored within the same sector following the LVM label. The current implementation does not fully check the offset of PV header, when attaching a bad formatted LVM PV the kernel may crash due to out-of-bounds memory read. PR: 266562 Reviewed by: jhb MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D36773 (cherry picked from commit c941b82e1c31a67a025c43cc7bd31f269fa62588) (cherry picked from commit 809450c4b53109b6ca8a87054452f2b3b8f711aa) sys/geom/linux_lvm/g_linux_lvm.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-266562-227-pY7HFjHZGg>