1.3 KiB
CVE-2024-26590
Description
In the Linux kernel, the following vulnerability has been resolved:erofs: fix inconsistent per-file compression formatEROFS can select compression algorithms on a per-file basis, and eachper-file compression algorithm needs to be marked in the on-disksuperblock for initialization.However, syzkaller can generate inconsistent crafted images that usean unsupported algorithmtype for specific inodes, e.g. use MicroLZMAalgorithmtype even it's not set in sbi->available_compr_algs. Thiscan lead to an unexpected "BUG: kernel NULL pointer dereference" ifthe corresponding decompressor isn't built-in.Fix this by checking against sbi->available_compr_algs for eachm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs presetbitmap is now fixed together since it was harmless previously.
POC
Reference
No PoCs from references.