CVE-2022-49879

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: fix BUG_ON() when directory entry has invalid rec_len<br /> <br /> The rec_len field in the directory entry has to be a multiple of 4. A<br /> corrupted filesystem image can be used to hit a BUG() in<br /> ext4_rec_len_to_disk(), called from make_indexed_dir().<br /> <br /> ------------[ cut here ]------------<br /> kernel BUG at fs/ext4/ext4.h:2413!<br /> ...<br /> RIP: 0010:make_indexed_dir+0x53f/0x5f0<br /> ...<br /> Call Trace:<br /> <br /> ? add_dirent_to_buf+0x1b2/0x200<br /> ext4_add_entry+0x36e/0x480<br /> ext4_add_nondir+0x2b/0xc0<br /> ext4_create+0x163/0x200<br /> path_openat+0x635/0xe90<br /> do_filp_open+0xb4/0x160<br /> ? __create_object.isra.0+0x1de/0x3b0<br /> ? _raw_spin_unlock+0x12/0x30<br /> do_sys_openat2+0x91/0x150<br /> __x64_sys_open+0x6c/0xa0<br /> do_syscall_64+0x3c/0x80<br /> entry_SYSCALL_64_after_hwframe+0x46/0xb0<br /> <br /> The fix simply adds a call to ext4_check_dir_entry() to validate the<br /> directory entry, returning -EFSCORRUPTED if the entry is invalid.