CVE-2022-49560

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> exfat: check if cluster num is valid<br /> <br /> Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap.<br /> This was triggered by reproducer calling truncute with size 0,<br /> which causes the following trace:<br /> <br /> BUG: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174<br /> Read of size 8 at addr ffff888115aa9508 by task syz-executor251/365<br /> <br /> Call Trace:<br /> __dump_stack lib/dump_stack.c:77 [inline]<br /> dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118<br /> print_address_description+0x81/0x3c0 mm/kasan/report.c:233<br /> __kasan_report mm/kasan/report.c:419 [inline]<br /> kasan_report+0x1a4/0x1f0 mm/kasan/report.c:436<br /> __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309<br /> exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174<br /> exfat_free_cluster+0x25a/0x4a0 fs/exfat/fatent.c:181<br /> __exfat_truncate+0x99e/0xe00 fs/exfat/file.c:217<br /> exfat_truncate+0x11b/0x4f0 fs/exfat/file.c:243<br /> exfat_setattr+0xa03/0xd40 fs/exfat/file.c:339<br /> notify_change+0xb76/0xe10 fs/attr.c:336<br /> do_truncate+0x1ea/0x2d0 fs/open.c:65<br /> <br /> Move the is_valid_cluster() helper from fatent.c to a common<br /> header to make it reusable in other *.c files. And add is_valid_cluster()<br /> to validate if cluster number is within valid range in exfat_clear_bitmap()<br /> and exfat_set_bitmap().