RAVENPLAT-310: Kernel components ext4 filesystem - CVE-2018-10880[1/1]

PD#SWPL-15901 Problem: In ext4_xattr_make_inode_space of xattr.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is needed for exploitation. Solution: The fix is designed to never move system.data out of the inode. Platform: Raven Verify: Raven Change-Id: I0820e6e84c8a5ab7d40d14ce14c11f9f8e1f9503 Signed-off-by: Hanjie Lin <hanjie.lin@amlogic.com>
2026-06-07 11:26:02 +09:00 · 2018-12-19 16:24:32 +08:00
parent ba76bfeef6
commit b3c3282c25
1 changed files with 5 additions and 0 deletions
--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -1416,6 +1416,11 @@ static int ext4_xattr_make_inode_space(handle_t *handle, struct inode *inode,
 		last = IFIRST(header);
 		/* Find the entry best suited to be pushed into EA block */
 		for (; !IS_LAST_ENTRY(last); last = EXT4_XATTR_NEXT(last)) {
+			/* never move system.data out of the inode */
+			if ((last->e_name_len == 4) &&
+			    (last->e_name_index == EXT4_XATTR_INDEX_SYSTEM) &&
+			    !memcmp(last->e_name, "data", 4))
+				continue;
 			total_size =
 			EXT4_XATTR_SIZE(le32_to_cpu(last->e_value_size)) +
 					EXT4_XATTR_LEN(last->e_name_len);