Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec ("ocfs2: fix xattr array entry __counted_by error") doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be shifted by one unit after cleanup an array entry. - current code logic doesn't cleanup the first entry when xh_count is 1. Note, commit c06c303832ec is also a bug fix for 0fe9b66c65f3.
Product status
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before c44d86ca949cb1e5566ad14510cc26fa1a17e2d8
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before 02acc9f72365e50eb45a56b7dacb9114ca3b503c
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before 8ff329353134280b203cb2bce95311cb8f7cbd8a
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before bb273b68c1719c2925e05557f7e7099edb066680
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before b2952dbeac2c3c527cb0519d5ffaeb95b062466a
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before 3bdc3766aafb052aef4baadef455a84c1c0a059d
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before 2f4daccd9d9b8b2952df7878df8c2e8ba6439398
0fe9b66c65f3ff227da45381afe7612f91e32740 (git) before 5138c936c2c82c9be8883921854bc6f7e1177d8c
2.6.32
Any version before 2.6.32
5.10.252 (semver)
5.15.202 (semver)
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.16 (semver)
6.19.6 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/c44d86ca949cb1e5566ad14510cc26fa1a17e2d8
git.kernel.org/...c/02acc9f72365e50eb45a56b7dacb9114ca3b503c
git.kernel.org/...c/8ff329353134280b203cb2bce95311cb8f7cbd8a
git.kernel.org/...c/bb273b68c1719c2925e05557f7e7099edb066680
git.kernel.org/...c/b2952dbeac2c3c527cb0519d5ffaeb95b062466a
git.kernel.org/...c/3bdc3766aafb052aef4baadef455a84c1c0a059d
git.kernel.org/...c/2f4daccd9d9b8b2952df7878df8c2e8ba6439398
git.kernel.org/...c/5138c936c2c82c9be8883921854bc6f7e1177d8c