Description
In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.
Product status
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 6c627bcc1896ba62ec793d0c00da74f3c93ce3ad
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 204b1b02ee018ba52ad2ece21fe3a8643d66a1b2
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 82ebecdc74ff555daf70b811d854b1f32a296bea
6.12.59 (semver)
6.17.9 (semver)
6.18 (original_commit_for_fix)
References
git.kernel.org/...c/6c627bcc1896ba62ec793d0c00da74f3c93ce3ad
git.kernel.org/...c/204b1b02ee018ba52ad2ece21fe3a8643d66a1b2
git.kernel.org/...c/82ebecdc74ff555daf70b811d854b1f32a296bea
