CVE-2022-49464

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> erofs: fix buffer copy overflow of ztailpacking feature<br /> <br /> I got some KASAN report as below:<br /> <br /> [ 46.959738] ==================================================================<br /> [ 46.960430] BUG: KASAN: use-after-free in z_erofs_shifted_transform+0x2bd/0x370<br /> [ 46.960430] Read of size 4074 at addr ffff8880300c2f8e by task fssum/188<br /> ...<br /> [ 46.960430] Call Trace:<br /> [ 46.960430] <br /> [ 46.960430] dump_stack_lvl+0x41/0x5e<br /> [ 46.960430] print_report.cold+0xb2/0x6b7<br /> [ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370<br /> [ 46.960430] kasan_report+0x8a/0x140<br /> [ 46.960430] ? z_erofs_shifted_transform+0x2bd/0x370<br /> [ 46.960430] kasan_check_range+0x14d/0x1d0<br /> [ 46.960430] memcpy+0x20/0x60<br /> [ 46.960430] z_erofs_shifted_transform+0x2bd/0x370<br /> [ 46.960430] z_erofs_decompress_pcluster+0xaae/0x1080<br /> <br /> The root cause is that the tail pcluster won&amp;#39;t be a complete filesystem<br /> block anymore. So if ztailpacking is used, the second part of an<br /> uncompressed tail pcluster may not be ``rq-&gt;pageofs_out``.