Re: [SECURITY] ext4: KASAN use-after-free and Oops in ext4_xattr_set_entry with crafted ext4 image

Next message: Siddharth Vadapalli: "Re: [PATCH v5 4/4] PCI: keystone: Add support to build as a loadable module"
Previous message: Qianchang Zhao: "[PATCH v2] ksmbd: clear 'encrypted' on encrypt_resp() failure to send plaintext error"
In reply to: &#x7AE0;&#x603F;&#x8D3A;: "[SECURITY] ext4: KASAN use-after-free and Oops in ext4_xattr_set_entry with crafted ext4 image"
Next in thread: Greg KH: "Re: Re: [SECURITY] ext4: KASAN use-after-free and Oops in ext4_xattr_set_entry with crafted ext4 image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Thu Nov 06 2025 - 02:00:31 EST

On Wed, Nov 05, 2025 at 10:39:26PM +0800, 章怿贺 wrote:
> A local unprivileged user who can mount a crafted ext4 filesystem image and call lsetxattr() on a file inside that filesystem can trigger:

Note, if you can do this, all bets are off as has been explained many
times on this list :)

The real question is, does fsck catch this issue before mounting the
filesystem? If not, can you send a patch to fix that?

Also, do you have a patch to fix this issue so that you get the credit
for fixing it? As you have a reproducer, you seem to have an easy way
to test this :)

thanks,

greg k-h