CVE-2022-48923
Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 22/08/2024
Last modified: 12/09/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

btrfs: prevent copying too big compressed lzo segment

Compressed length can be corrupted to be a lot larger than memory
we have allocated for buffer.
This will cause memcpy in copy_compressed_segment to write outside
of allocated memory.

This mostly results in stuck read syscall but sometimes when using
btrfs send can get #GP

kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI
kernel: CPU: 17 PID: 264 Comm: kworker/u256:7 Tainted: P OE 5.17.0-rc2-1 #12
kernel: Workqueue: btrfs-endio btrfs_work_helper [btrfs]
kernel: RIP: 0010:lzo_decompress_bio (./include/linux/fortify-string.h:225 fs/btrfs/lzo.c:322 fs/btrfs/lzo.c:394) btrfs
Code starting with the faulting instruction
===========================================
0:* 48 8b 06 mov (%rsi),%rax
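
The bound that the description says was not enforced, modelled in user space as an added example (this is not the kernel's code or the upstream patch): a segment length read from the stream is checked against both the destination buffer and the remaining input before `memcpy` runs. The 4-byte little-endian length prefix, `CBUF_CAP`, `copy_segment_checked` and the sample bytes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEG_HDR_LEN 4u  /* assumed 4-byte little-endian length prefix */
#define CBUF_CAP 64u    /* hypothetical size of the fixed segment buffer */

/* Read a little-endian u32 without alignment assumptions. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Copy the segment starting at *off into cbuf (CBUF_CAP bytes).
 * Returns the segment length and advances *off, or -EIO when the
 * stored length cannot be trusted.
 */
static int copy_segment_checked(const uint8_t *in, size_t in_len,
                                size_t *off, uint8_t *cbuf)
{
    uint32_t seg_len;

    if (*off > in_len || in_len - *off < SEG_HDR_LEN)
        return -EIO;               /* truncated header */
    seg_len = read_le32(in + *off);
    if (seg_len > CBUF_CAP)
        return -EIO;               /* memcpy would write past cbuf */
    if (seg_len > in_len - *off - SEG_HDR_LEN)
        return -EIO;               /* memcpy would read past the input */
    memcpy(cbuf, in + *off + SEG_HDR_LEN, seg_len);
    *off += SEG_HDR_LEN + seg_len;
    return (int)seg_len;
}

/* Constructed sample: a valid 5-byte segment, then a corrupted length. */
static const uint8_t sample[] = {
    0x05, 0x00, 0x00, 0x00, 'h', 'e', 'l', 'l', 'o',
    0x00, 0x10, 0x5c, 0x1d, 0xaa, 0xbb,
};

int main(void)
{
    uint8_t cbuf[CBUF_CAP];
    size_t off = 0;
    int first = copy_segment_checked(sample, sizeof(sample), &off, cbuf);
    int second = copy_segment_checked(sample, sizeof(sample), &off, cbuf);
    return !(first == 5 && second == -EIO);  /* exit 0: bad length rejected */
}
```

Without the `seg_len > CBUF_CAP` test, the second segment's corrupted length would drive `memcpy` far past the 64-byte buffer, which is the CWE-787 condition this record describes.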
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.15.26 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.12 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.17:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.17:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.17:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:5.17:rc5:*:*:*:*:*:* | | |