In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in picklink" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfsreadinode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->isize. 2. Later squashfssymlinkread_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an uninitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. -- V2: fix spelling mistake.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-7.7", "binary_name": "linux-bpf-dev" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-buildinfo-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-buildinfo-6.11.0-7-generic-64k" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-cloud-tools-6.11.0-7" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-cloud-tools-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-cloud-tools-common" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-doc" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-headers-6.11.0-7" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-headers-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-headers-6.11.0-7-generic-64k" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-image-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-image-6.11.0-7-generic-dbgsym" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-image-unsigned-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-image-unsigned-6.11.0-7-generic-64k" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-image-unsigned-6.11.0-7-generic-64k-dbgsym" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-image-unsigned-6.11.0-7-generic-dbgsym" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-lib-rust-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-libc-dev" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-6.11.0-7-generic-64k" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-extra-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-ipu6-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-ipu7-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-iwlwifi-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-usbio-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-modules-vision-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-source-6.11.0" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-tools-6.11.0-7" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-tools-6.11.0-7-generic" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-tools-6.11.0-7-generic-64k" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-tools-common" }, { "binary_version": "6.11.0-7.7", "binary_name": "linux-tools-host" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1002.2", "binary_name": "linux-aws-cloud-tools-6.11.0-1002" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-aws-headers-6.11.0-1002" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-aws-tools-6.11.0-1002" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-buildinfo-6.11.0-1002-aws" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-cloud-tools-6.11.0-1002-aws" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-headers-6.11.0-1002-aws" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-image-unsigned-6.11.0-1002-aws" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-image-unsigned-6.11.0-1002-aws-dbgsym" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-modules-6.11.0-1002-aws" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-modules-extra-6.11.0-1002-aws" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-tools-6.11.0-1002-aws" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1003.3", "binary_name": "linux-azure-cloud-tools-6.11.0-1003" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-azure-headers-6.11.0-1003" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-azure-tools-6.11.0-1003" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-buildinfo-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-cloud-tools-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-headers-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-image-unsigned-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-image-unsigned-6.11.0-1003-azure-dbgsym" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-modules-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-modules-extra-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-modules-iwlwifi-6.11.0-1003-azure" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-tools-6.11.0-1003-azure" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1001.1", "binary_name": "linux-buildinfo-6.11.0-1001-gcp" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-gcp-headers-6.11.0-1001" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-gcp-tools-6.11.0-1001" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-headers-6.11.0-1001-gcp" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-image-unsigned-6.11.0-1001-gcp" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-image-unsigned-6.11.0-1001-gcp-dbgsym" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-modules-6.11.0-1001-gcp" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-modules-extra-6.11.0-1001-gcp" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-tools-6.11.0-1001-gcp" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1002.2", "binary_name": "linux-buildinfo-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-buildinfo-6.11.0-1002-lowlatency-64k" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-cloud-tools-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-headers-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-headers-6.11.0-1002-lowlatency-64k" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-image-unsigned-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-image-unsigned-6.11.0-1002-lowlatency-64k" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-image-unsigned-6.11.0-1002-lowlatency-64k-dbgsym" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-image-unsigned-6.11.0-1002-lowlatency-dbgsym" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-cloud-tools-6.11.0-1002" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-cloud-tools-common" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-headers-6.11.0-1002" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-lib-rust-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-tools-6.11.0-1002" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-tools-common" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-lowlatency-tools-host" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-modules-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-modules-6.11.0-1002-lowlatency-64k" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-modules-iwlwifi-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-tools-6.11.0-1002-lowlatency" }, { "binary_version": "6.11.0-1002.2", "binary_name": "linux-tools-6.11.0-1002-lowlatency-64k" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1004.4", "binary_name": "linux-buildinfo-6.11.0-1004-oracle" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-buildinfo-6.11.0-1004-oracle-64k" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-headers-6.11.0-1004-oracle" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-headers-6.11.0-1004-oracle-64k" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-image-unsigned-6.11.0-1004-oracle" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-image-unsigned-6.11.0-1004-oracle-64k" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-image-unsigned-6.11.0-1004-oracle-64k-dbgsym" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-image-unsigned-6.11.0-1004-oracle-dbgsym" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-modules-6.11.0-1004-oracle" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-modules-6.11.0-1004-oracle-64k" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-modules-extra-6.11.0-1004-oracle" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-modules-extra-6.11.0-1004-oracle-64k" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-oracle-headers-6.11.0-1004" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-oracle-tools-6.11.0-1004" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-tools-6.11.0-1004-oracle" }, { "binary_version": "6.11.0-1004.4", "binary_name": "linux-tools-6.11.0-1004-oracle-64k" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1003.3", "binary_name": "linux-buildinfo-6.11.0-1003-raspi" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-headers-6.11.0-1003-raspi" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-image-6.11.0-1003-raspi" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-image-6.11.0-1003-raspi-dbgsym" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-modules-6.11.0-1003-raspi" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-raspi-headers-6.11.0-1003" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-raspi-tools-6.11.0-1003" }, { "binary_version": "6.11.0-1003.3", "binary_name": "linux-tools-6.11.0-1003-raspi" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-1001.1", "binary_name": "linux-buildinfo-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-cloud-tools-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-headers-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-image-unsigned-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-image-unsigned-6.11.0-1001-realtime-dbgsym" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-modules-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-modules-extra-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-modules-iwlwifi-6.11.0-1001-realtime" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-realtime-cloud-tools-6.11.0-1001" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-realtime-headers-6.11.0-1001" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-realtime-tools-6.11.0-1001" }, { "binary_version": "6.11.0-1001.1", "binary_name": "linux-tools-6.11.0-1001-realtime" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-buildinfo-6.11.0-8-generic" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-headers-6.11.0-8-generic" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-image-6.11.0-8-generic" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-image-6.11.0-8-generic-dbgsym" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-modules-6.11.0-8-generic" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-riscv-headers-6.11.0-8" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-riscv-tools-6.11.0-8" }, { "binary_version": "6.11.0-8.8.1", "binary_name": "linux-tools-6.11.0-8-generic" } ] }