CVE-2024-41013

Severity CVSS v4.0: Pending analysis
Type: CWE-125 Out-of-bounds Read
Publication date: 29/07/2024
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

xfs: don't walk off the end of a directory data block

This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this space will be considered as dup or dep. We may encounter an out of bound read when accessing the fixed members.

In the patch, we make sure that the remaining bytes large enough to hold an unused entry before accessing xfs_dir2_data_unused and xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make sure that the remaining bytes large enough to hold a dirent with a single-byte name before accessing xfs_dir2_data_entry.
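The three checks named in the description, shown on a simplified user-space model of a directory data block. This is an added example, not the kernel patch or any XFS code: the record layout, the constants and the names `walk_block` and `check_sample` are assumptions made for illustration, and the unhardened mode only reports where a read past the end would occur instead of performing it.

```c
#include <stddef.h>
#include <stdint.h>
#define ALIGN      8u      /* stands in for XFS_DIR2_DATA_ALIGN */
#define FREE_TAG   0xFFFFu /* model marker for an unused record */
#define UNUSED_HDR 4u      /* freetag + length: fixed members read first */
#define MIN_UNUSED 8u      /* smallest unused record in this model */
#define ENT_FIXED  9u      /* 8-byte inode number + 1-byte name length */
enum walk_result { WALK_OK = 0, WALK_CORRUPT = -1, WALK_OOB_READ = 1 };

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }
/* Model dirent size: fixed part + name + 2-byte tag, rounded up to ALIGN. */
static size_t entsize(size_t n) { return (ENT_FIXED + n + 2 + ALIGN - 1) & ~(size_t)(ALIGN - 1); }

/* Walk blk[0..end). hardened=0 models a loop that only tests off < end and
 * reports where it would read past end instead of doing the read. */
enum walk_result walk_block(const uint8_t *blk, size_t end, int hardened)
{
    size_t off = 0, reclen;
    while (off < end) {
        size_t left = end - off;
        if (hardened && left < MIN_UNUSED)
            return WALK_CORRUPT;          /* no room for an unused record */
        if (left < UNUSED_HDR)
            return WALK_OOB_READ;         /* fixed members lie past end */
        if (be16(blk + off) == FREE_TAG) {
            reclen = be16(blk + off + 2);
            if (hardened && reclen % ALIGN)
                return WALK_CORRUPT;      /* unused length not aligned */
        } else {
            if (hardened && left < entsize(1))
                return WALK_CORRUPT;      /* no room for a 1-byte-name dirent */
            if (left < ENT_FIXED)
                return WALK_OOB_READ;     /* name length byte lies past end */
            reclen = entsize(blk[off + 8]);
        }
        if (reclen == 0 || reclen > left)
            return WALK_CORRUPT;          /* record overruns the region */
        off += reclen;
    }
    return WALK_OK;
}

/* Constructed 32-byte sample: dirent "a" (16 bytes), then one unused record. */
enum walk_result check_sample(unsigned unused_len, int hardened)
{
    uint8_t blk[32] = {0};
    blk[8] = 1; blk[9] = 'a'; blk[16] = 0xFF; blk[17] = 0xFF; /* dirent, FREE_TAG */
    blk[18] = (uint8_t)(unused_len >> 8); blk[19] = (uint8_t)unused_len;
    return walk_block(blk, sizeof blk, hardened);
}
```

With an unused length of 15 the trailing byte is what the offset-only loop would go on to interpret as a record header; the hardened walk rejects the block at the alignment check before reaching it.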

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | | 6.1.142 (excluding) |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | 6.2 (including) | 6.6.68 (excluding) |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | 6.7 (including) | 6.11 (excluding) |