Instituto Nacional de Ciberseguridad (INCIBE). INCIBE-CERT section

CVE-2023-53503

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
01/10/2025
Last modified:
02/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: allow ext4_get_group_info() to fail

Previously, ext4_get_group_info() would treat an invalid group number as BUG(), since in theory it should never happen. However, if a malicious attacker (or fuzzer) modifies the superblock via the block device while the file system is mounted, it is possible for s_first_data_block to get set to a very large number. In that case, calculating the block group of some block number (such as the starting block of a preallocation region) could result in an underflow and a very large block group number. Then the BUG_ON check in ext4_get_group_info() would fire, resulting in a denial of service attack that can be triggered by root or someone with write access to the block device.

From a quality of implementation perspective, it's best that even if the system administrator does something that they shouldn't, it will not trigger a BUG. So instead of BUG'ing, ext4_get_group_info() will call ext4_error and return NULL. We also add fallback code in all of the callers of ext4_get_group_info() that it might return NULL.

Also, since ext4_get_group_info() was already borderline to be an inline function, un-inline it. This results in a net reduction of the compiled text size of ext4 by roughly 2k.
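The following user-space C model is an added example, not kernel code or part of the advisory. It reproduces the unsigned underflow in the block-to-group calculation and the "log an error, return NULL, let the caller fall back" pattern the description names. The struct layout, the helper names (`sb_model`, `block_to_group`, `get_group_info`, `lookup_group`) and all sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for the superblock fields involved. */
struct sb_model {
    uint64_t first_data_block;  /* models s_first_data_block */
    uint64_t blocks_per_group;
    uint32_t groups_count;
};
struct group_info { uint32_t group; };
static struct group_info group_table[4] = { {0}, {1}, {2}, {3} };

/* Block number -> group number. The unsigned subtraction wraps when
 * first_data_block is larger than the block being looked up. */
static uint32_t block_to_group(const struct sb_model *sb, uint64_t block)
{
    return (uint32_t)((block - sb->first_data_block) / sb->blocks_per_group);
}

/* Post-fix pattern: an out-of-range group is counted as an error
 * (standing in for ext4_error()) and NULL is returned, not a crash. */
static struct group_info *get_group_info(const struct sb_model *sb,
                                         uint32_t group, int *errors)
{
    if (group >= sb->groups_count) {
        (*errors)++;
        return NULL;
    }
    return &group_table[group];
}

/* Caller with the fallback path: returns the group, or -1 on failure. */
static int lookup_group(const struct sb_model *sb, uint64_t block, int *errors)
{
    struct group_info *grp = get_group_info(sb, block_to_group(sb, block), errors);
    return grp ? (int)grp->group : -1;
}

int main(void)
{
    struct sb_model ok  = { 0, 32768, 4 };           /* constructed values */
    struct sb_model bad = { 1ULL << 40, 32768, 4 };  /* corrupted field */
    int errors = 0;
    printf("sane: group %d\n", lookup_group(&ok, 70000, &errors));
    printf("corrupt: computed group %u, lookup %d, errors %d\n",
           block_to_group(&bad, 70000), lookup_group(&bad, 70000, &errors), errors);
    return 0;
}
```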

Impact