In the Linux kernel, the following vulnerability has been resolved:
erofs: fix inconsistent per-file compression format
EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization.
However, syzkaller can generate inconsistent crafted images that use
an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA
algorithmtype even it's not set in sbi->available_compr_algs
. This
can lead to an unexpected "BUG: kernel NULL pointer dereference" if
the corresponding decompressor isn't built-in.
Fix this by checking against sbi->available_compr_algs
for each
malgorithmformat request. Incorrect !erofssbhascompr_cfgs preset
bitmap is now fixed together since it was harmless previously.