From nobody Wed Sep  6 04:53:26 2023
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RgVPf4pf9z4sM4K
	for <bugs@mlmmj.nyi.freebsd.org>; Wed,  6 Sep 2023 04:53:26 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RgVPf3c3dz3W8l
	for <bugs@FreeBSD.org>; Wed,  6 Sep 2023 04:53:26 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1693976006; a=rsa-sha256; cv=none;
	b=hGabU6myXbKHY2x2Q6dRLTjGjouFI3w/pUYxLrDRYjO2pLALhLVlNRc23BWxr639nOjKrW
	piJsp3xZ0VGiDpY+Dng/cXE2Y/E66weosXugJr+bO9QTtqT32YbmFSwagioV79+LqYaO9J
	mPYEPyBV29J+WaF1vHrnmYiATx0T3SE0WVX1RUk3dsHkHR8gNHSjMAM7J6G3NVrgWbAHZ0
	f4/ofY/w6jTCrp+XUqd+10I731cAo5DLsavbhfuozq3hr6FxMiXLKG7Pazk5SNJPaLAmEE
	R5p9YFPqtBcG2qRBT9zFyKTKoipHjTTPOARvlY5PGvGemlqpIwwr9/20sdy0aw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1693976006;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=+Yjf07VHnDt/kw/3DL1/e1uUOTxcl5uTURWClH8B7/c=;
	b=aitU9yWUV8EVgqK8Mr/YpKm8uZ0CHRHxL7idlhQ1TfmwsbzGsO4ftwP25tv4/q+vzusuo6
	Mpn/Cpvlifyw53CHCgRdmlLu46Rt9HDO+2vesvO8cRig6jS4TJAaBo8trjCW5hZLged0qN
	I+TL0ddxrMDRa5xBZJ4oSPgYt5Pq7jdgxwS6ta4J55fgJVTTgjZAMn9pUSVmQJPGSpeqBN
	5B8/5al4aBcVSJAualnaWZ1iusAglHW3GVD8YNkNyR2SnKpDd/fhvsfftfPItMgKtSXTHa
	42aEJriu4soX7uGsCvTxshHtu5UYK7KD27NrwsM5YYwZXeqWE06sKTHW8QTAEA==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RgVPf2fMgz12qX
	for <bugs@FreeBSD.org>; Wed,  6 Sep 2023 04:53:26 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 3864rQJd024631
	for <bugs@FreeBSD.org>; Wed, 6 Sep 2023 04:53:26 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 3864rQlD024630
	for bugs@FreeBSD.org; Wed, 6 Sep 2023 04:53:26 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 266562] malicious Linux LVM label can cause crash during taste
Date: Wed, 06 Sep 2023 04:53:26 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@FreeBSD.org
X-Bugzilla-Status: In Progress
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-266562-227-pY7HFjHZGg@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-266562-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-266562-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266562

--- Comment #8 from commit-hook@FreeBSD.org ---
A commit in branch stable/12 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3D70e32e5b52d9b34bdc205f04a616998ef=
fc493b0

commit 70e32e5b52d9b34bdc205f04a616998effc493b0
Author:     Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2023-08-22 09:20:10 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2023-09-06 04:32:56 +0000

    geom_linux_lvm: Check the offset of physical volume header

    The LVM label is stored on any of the first four sectors, and the
    PV (physical volume) header is stored within the same sector following
    the LVM label. The current implementation does not fully check the
    offset of PV header, when attaching a bad formatted LVM PV the kernel
    may crash due to out-of-bounds memory read.

    PR:             266562
    Reviewed by:    jhb
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D36773

    (cherry picked from commit c941b82e1c31a67a025c43cc7bd31f269fa62588)
    (cherry picked from commit 809450c4b53109b6ca8a87054452f2b3b8f711aa)

 sys/geom/linux_lvm/g_linux_lvm.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

--=20
You are receiving this mail because:
You are the assignee for the bug.=