Description
In the Linux kernel, the following vulnerability has been resolved: fat: avoid parent link count underflow in rmdir Corrupted FAT images can leave a directory inode with an incorrect i_nlink (e.g. 2 even though subdirectories exist). rmdir then unconditionally calls drop_nlink(dir) and can drive i_nlink to 0, triggering the WARN_ON in drop_nlink(). Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the parent link count when it is at least 3, otherwise report a filesystem error.
Product status
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before 7fe0de287e931e07cb96ecf1f449b2ebdb0e1115
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before 9894c79fd9466612d0514be157b5c30cd93aa645
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before cd569b87378b9c33ae13c23d6bb9d205d66f7c4b
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before d3b7ffa90f613938128432c7b2f35b7aa4bdd86b
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before 955c5d670b5ae07c78f4345e23a895638db96ce1
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before 17866f8a0822d414cb02e621cf003a7d04396ef8
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before d0bb592fa9def2bace90ac8926c0a1d6fa8c1aa0
9a53c3a783c2fa9b969628e65695c11c3e51e673 (git) before 8cafcb881364af5ef3a8b9fed4db254054033d8a
2.6.19
Any version before 2.6.19
5.10.252 (semver)
5.15.202 (semver)
6.1.165 (semver)
6.6.128 (semver)
6.12.75 (semver)
6.18.14 (semver)
6.19.4 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/7fe0de287e931e07cb96ecf1f449b2ebdb0e1115
git.kernel.org/...c/9894c79fd9466612d0514be157b5c30cd93aa645
git.kernel.org/...c/cd569b87378b9c33ae13c23d6bb9d205d66f7c4b
git.kernel.org/...c/d3b7ffa90f613938128432c7b2f35b7aa4bdd86b
git.kernel.org/...c/955c5d670b5ae07c78f4345e23a895638db96ce1
git.kernel.org/...c/17866f8a0822d414cb02e621cf003a7d04396ef8
git.kernel.org/...c/d0bb592fa9def2bace90ac8926c0a1d6fa8c1aa0
git.kernel.org/...c/8cafcb881364af5ef3a8b9fed4db254054033d8a