Follow-up on Linux Kernel Vulnerability [v5.15] KASAN-stack-out-of-bounds-Read in gfs2_file_buffered_write
From: Zhang Zhiyu
Date: Tue Nov 26 2024 - 07:15:11 EST
Dear Linux Kernel Developers and Maintainers,
I hope this message finds you well. I am following up on a previous
email I sent on March 3rd, 2024, regarding a stack out-of-bounds read
vulnerability in the Linux Kernel 5.15, specifically in the
gfs2_file_buffered_write function. Here is the link to the original
message I sent to the Linux kernel mailing list (but forgot to cc the
syzkaller group):
https://lore.kernel.org/lkml/CALf2hKupR6mV4vUW8tWEJY_1CqaLLrqx5q2667XGEzEGnAtuQw@xxxxxxxxxxxxxx/T/
In that email, I attached a detailed analysis of the vulnerability,
demonstrating its validity and potential impact. I have noticed that
the issue is still being triggered on the latest 5.15.y branch, as
reported by Syzbot
(https://syzkaller.appspot.com/bug?extid=43147f1cd55d15dfbf7d), and I
would greatly appreciate your insights on whether this vulnerability
has been fully addressed in subsequent kernel releases.
Additionally, I would like to ask whether a CVE has been assigned for
this vulnerability or if there are any updates regarding its
resolution. I also want to discuss the CVSS score for this type of
vulnerability, which seems similar to other stack out-of-bounds read
issues in the Linux kernel (e.g., CVE-2023-6606, CVE-2024-39487,
CVE-2024-46743, CVE-2024-50227, CVE-2024-50301), all of which were
assigned the CVSS vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.
Thank you very much for your time and assistance. I look forward to
your response.
Best regards,
Zhiyu Zhang