CVE-2023-54077

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/ntfs3: Fix memory leak if ntfs_read_mft failed<br /> <br /> Label ATTR_ROOT in ntfs_read_mft() sets is_root = true and<br /> ni-&gt;ni_flags |= NI_FLAG_DIR, then next attr will goto label ATTR_ALLOC<br /> and alloc ni-&gt;dir.alloc_run. However two states are not always<br /> consistent and can make memory leak.<br /> <br /> 1) attr_name in ATTR_ROOT does not fit the condition it will set<br /> is_root = true but NI_FLAG_DIR is not set.<br /> 2) next attr_name in ATTR_ALLOC fits the condition and alloc<br /> ni-&gt;dir.alloc_run<br /> 3) in cleanup function ni_clear(), when NI_FLAG_DIR is set, it frees<br /> ni-&gt;dir.alloc_run, otherwise it frees ni-&gt;file.run<br /> 4) because NI_FLAG_DIR is not set in this case, ni-&gt;dir.alloc_run is<br /> leaked as kmemleak reported:<br /> <br /> unreferenced object 0xffff888003bc5480 (size 64):<br /> backtrace:<br /> [] __kmalloc_node+0x4e/0x1c0<br /> [] kvmalloc_node+0x39/0x1f0<br /> [] run_add_entry+0x18a/0xa40 [ntfs3]<br /> [] run_unpack+0x75d/0x8e0 [ntfs3]<br /> [] run_unpack_ex+0xbc/0x500 [ntfs3]<br /> [] ntfs_iget5+0xb25/0x2dd0 [ntfs3]<br /> [] ntfs_fill_super+0x218d/0x3580 [ntfs3]<br /> [] get_tree_bdev+0x3fb/0x710<br /> [] vfs_get_tree+0x8e/0x280<br /> [] path_mount+0xf3c/0x1930<br /> [] do_mount+0xf3/0x110<br /> ...<br /> <br /> Fix this by always setting is_root and NI_FLAG_DIR together.