CVE-2024-39472

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfs: fix log recovery buffer allocation for the legacy h_size fixup<br /> <br /> Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by<br /> mkfs") added a fixup for incorrect h_size values used for the initial<br /> umount record in old xfsprogs versions. Later commit 0c771b99d6c9<br /> ("xfs: clean up calculation of LR header blocks") cleaned up the log<br /> reover buffer calculation, but stoped using the fixed up h_size value<br /> to size the log recovery buffer, which can lead to an out of bounds<br /> access when the incorrect h_size does not come from the old mkfs<br /> tool, but a fuzzer.<br /> <br /> Fix this by open coding xlog_logrec_hblks and taking the fixed h_size<br /> into account for this calculation.