{"release":{"tag":{"name":"4.19.90-2209.5.0","path":"/openeuler/kernel/tags/4.19.90-2209.5.0","tree_path":"/openeuler/kernel/tree/4.19.90-2209.5.0","message":"4.19.90-2209.5.0","commit":{"id":"01334116271037a711ad49b9a610fed00be4fa1b","short_id":"0133411","title":"jfs: prevent NULL deref in diFree","title_markdown":"jfs: prevent NULL deref in diFree","description":"\nstable inclusion\nfrom stable-v5.10.111\ncommit b9c5ac0a15f24d63b20f899072fa6dd8c93af136\ncategory: bugfix\nbugzilla: https://gitee.com/src-openeuler/kernel/issues/I5RX0N?from=project-issue\nCVE: CVE-2022-3202\n\n--------------------------------\n\n[ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]\n\nAdd validation check for JFS_IP(ipimap)-\u003Ei_imap to prevent a NULL deref\nin diFree since diFree uses it without do any validations.\nWhen function jfs_mount calls diMount to initialize fileset inode\nallocation map, it can fail and JFS_IP(ipimap)-\u003Ei_imap won't be\ninitialized. Then it calls diFreeSpecial to close fileset inode allocation\nmap inode and it will flow into jfs_evict_inode. Function jfs_evict_inode\njust validates JFS_SBI(inode-\u003Ei_sb)-\u003Eipimap, then calls diFree. diFree use\nJFS_IP(ipimap)-\u003Ei_imap directly, then it will cause a NULL deref.\n\nReported-by: TCS Robot \u003Ctcs_robot@tencent.com\u003E\nSigned-off-by: Haimin Zhang \u003Ctcs_kernel@tencent.com\u003E\nSigned-off-by: Dave Kleikamp \u003Cdave.kleikamp@oracle.com\u003E\nSigned-off-by: Sasha Levin \u003Csashal@kernel.org\u003E\nSigned-off-by: Wang Hai \u003Cwanghai38@huawei.com\u003E\nSigned-off-by: ZhaoLong Wang \u003Cwangzhaolong1@huawei.com\u003E\nReviewed-by: Zhang Yi \u003Cyi.zhang@huawei.com\u003E\nSigned-off-by: Laibin Qiu \u003Cqiulaibin@huawei.com\u003E","description_markdown":"stable inclusion\nfrom stable-v5.10.111\ncommit b9c5ac0a15f24d63b20f899072fa6dd8c93af136\ncategory: bugfix\nbugzilla: \u003Ca title=\"Issue: CVE-2022-3202\" class=\"gfm gfm-issue\" href=\"/open_euler/dashboard?issue_id=I5RX0N\u0026amp;from=project-issue\"\u003E#I5RX0N\u003C/a\u003ECVE: CVE-2022-3202\n--------------------------------\n[ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]\nAdd validation check for JFS_IP(ipimap)-\u0026gt;i_imap to prevent a NULL deref\nin diFree since diFree uses it without do any validations.\nWhen function jfs_mount calls diMount to initialize fileset inode\nallocation map, it can fail and JFS_IP(ipimap)-\u0026gt;i_imap won't be\ninitialized. Then it calls diFreeSpecial to close fileset inode allocation\nmap inode and it will flow into jfs_evict_inode. Function jfs_evict_inode\njust validates JFS_SBI(inode-\u0026gt;i_sb)-\u0026gt;ipimap, then calls diFree. diFree use\nJFS_IP(ipimap)-\u0026gt;i_imap directly, then it will cause a NULL deref.\nReported-by: TCS Robot \nSigned-off-by: Haimin Zhang \nSigned-off-by: Dave Kleikamp \u003Ca href=\"mailto:dave.kleikamp@oracle.com\"\u003Edave.kleikamp@oracle.com\u003C/a\u003E\nSigned-off-by: Sasha Levin \u003Ca href=\"mailto:sashal@kernel.org\"\u003Esashal@kernel.org\u003C/a\u003E\nSigned-off-by: Wang Hai \u003Ca href=\"mailto:wanghai38@huawei.com\"\u003Ewanghai38@huawei.com\u003C/a\u003E\nSigned-off-by: ZhaoLong Wang \u003Ca href=\"mailto:wangzhaolong1@huawei.com\"\u003Ewangzhaolong1@huawei.com\u003C/a\u003E\nReviewed-by: Zhang Yi \u003Ca href=\"mailto:yi.zhang@huawei.com\"\u003Eyi.zhang@huawei.com\u003C/a\u003E\nSigned-off-by: Laibin Qiu \u003Ca href=\"mailto:qiulaibin@huawei.com\"\u003Eqiulaibin@huawei.com\u003C/a\u003E","message":"jfs: prevent NULL deref in diFree\n\nstable inclusion\nfrom stable-v5.10.111\ncommit b9c5ac0a15f24d63b20f899072fa6dd8c93af136\ncategory: bugfix\nbugzilla: https://gitee.com/src-openeuler/kernel/issues/I5RX0N?from=project-issue\nCVE: CVE-2022-3202\n\n--------------------------------\n\n[ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]\n\nAdd validation check for JFS_IP(ipimap)-\u003Ei_imap to prevent a NULL deref\nin diFree since diFree uses it without do any validations.\nWhen function jfs_mount calls diMount to initialize fileset inode\nallocation map, it can fail and JFS_IP(ipimap)-\u003Ei_imap won't be\ninitialized. Then it calls diFreeSpecial to close fileset inode allocation\nmap inode and it will flow into jfs_evict_inode. Function jfs_evict_inode\njust validates JFS_SBI(inode-\u003Ei_sb)-\u003Eipimap, then calls diFree. diFree use\nJFS_IP(ipimap)-\u003Ei_imap directly, then it will cause a NULL deref.\n\nReported-by: TCS Robot \u003Ctcs_robot@tencent.com\u003E\nSigned-off-by: Haimin Zhang \u003Ctcs_kernel@tencent.com\u003E\nSigned-off-by: Dave Kleikamp \u003Cdave.kleikamp@oracle.com\u003E\nSigned-off-by: Sasha Levin \u003Csashal@kernel.org\u003E\nSigned-off-by: Wang Hai \u003Cwanghai38@huawei.com\u003E\nSigned-off-by: ZhaoLong Wang \u003Cwangzhaolong1@huawei.com\u003E\nReviewed-by: Zhang Yi \u003Cyi.zhang@huawei.com\u003E\nSigned-off-by: Laibin Qiu \u003Cqiulaibin@huawei.com\u003E\n","message_markdown":"jfs: prevent NULL deref in diFree\nstable inclusion\nfrom stable-v5.10.111\ncommit b9c5ac0a15f24d63b20f899072fa6dd8c93af136\ncategory: bugfix\nbugzilla: \u003Ca title=\"Issue: CVE-2022-3202\" class=\"gfm gfm-issue\" href=\"/open_euler/dashboard?issue_id=I5RX0N\u0026amp;from=project-issue\"\u003E#I5RX0N\u003C/a\u003ECVE: CVE-2022-3202\n--------------------------------\n[ Upstream commit a53046291020ec41e09181396c1e829287b48d47 ]\nAdd validation check for JFS_IP(ipimap)-\u0026gt;i_imap to prevent a NULL deref\nin diFree since diFree uses it without do any validations.\nWhen function jfs_mount calls diMount to initialize fileset inode\nallocation map, it can fail and JFS_IP(ipimap)-\u0026gt;i_imap won't be\ninitialized. Then it calls diFreeSpecial to close fileset inode allocation\nmap inode and it will flow into jfs_evict_inode. Function jfs_evict_inode\njust validates JFS_SBI(inode-\u0026gt;i_sb)-\u0026gt;ipimap, then calls diFree. diFree use\nJFS_IP(ipimap)-\u0026gt;i_imap directly, then it will cause a NULL deref.\nReported-by: TCS Robot \nSigned-off-by: Haimin Zhang \nSigned-off-by: Dave Kleikamp \u003Ca href=\"mailto:dave.kleikamp@oracle.com\"\u003Edave.kleikamp@oracle.com\u003C/a\u003E\nSigned-off-by: Sasha Levin \u003Ca href=\"mailto:sashal@kernel.org\"\u003Esashal@kernel.org\u003C/a\u003E\nSigned-off-by: Wang Hai \u003Ca href=\"mailto:wanghai38@huawei.com\"\u003Ewanghai38@huawei.com\u003C/a\u003E\nSigned-off-by: ZhaoLong Wang \u003Ca href=\"mailto:wangzhaolong1@huawei.com\"\u003Ewangzhaolong1@huawei.com\u003C/a\u003E\nReviewed-by: Zhang Yi \u003Ca href=\"mailto:yi.zhang@huawei.com\"\u003Eyi.zhang@huawei.com\u003C/a\u003E\nSigned-off-by: Laibin Qiu \u003Ca href=\"mailto:qiulaibin@huawei.com\"\u003Eqiulaibin@huawei.com\u003C/a\u003E","detail_path":"/openeuler/kernel/commit/01334116271037a711ad49b9a610fed00be4fa1b","commits_path":"/openeuler/kernel/commits/01334116271037a711ad49b9a610fed00be4fa1b","tree_path":"/openeuler/kernel/tree/01334116271037a711ad49b9a610fed00be4fa1b","author":{"name":"Haimin Zhang","email":"tcs_kernel@tencent.com","username":null,"user_path":null,"enterprise_user_path":null,"image_path":"no_portrait.png#Haimin Zhang-","is_gitee_user":false,"is_enterprise_user":null,"widget_url":null},"committer":{"name":"Qiuuuuu","email":"qiulaibin@huawei.com","username":"qiuuuuu","user_path":"/qiuuuuu","enterprise_user_path":null,"image_path":"no_portrait.png#Qiuuuuu-qiuuuuu","is_gitee_user":true,"is_enterprise_user":false,"widget_url":""},"authored_date":"2022-09-20T10:22:13+08:00","committed_date":"2022-09-20T10:09:49+08:00","signature":null,"build_state":null},"archive_path":"/openeuler/kernel/repository/archive/4.19.90-2209.5.0","signature":null},"operating":{"edit":false,"download":true,"destroy":false,"enterprise_forbid_zip":false},"release":{"title":"openEuler 20.03 update 4.19.90-2209.5.0","path":"/openeuler/kernel/releases/tag/4.19.90-2209.5.0","tag_path":"/openeuler/kernel/tree/4.19.90-2209.5.0","project_id":7696525,"created_at":"2022-09-20T10:22:11+08:00","is_prerelease":false,"description":"# 1TASK\r\n-------\r\n# 4.19.90-2209.4.0~1...4.19.90-2209.5.0\r\n-------\r\n| TASK | COMMIT |\r\n|:----:|:------:|\r\n|     bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5RX0N?from=project-issue | 013341162710 jfs: prevent NULL deref in diFree\u003Cbr\u003E6a2d6565c653 jfs: fix GPF in diFree\u003Cbr\u003E |\r\n\r\n# 2CVE\r\n-------\r\n| CVE | issue |\r\n|:---:|:-----:|\r\n| CVE-2022-3202 | #I5QWJN |\r\n","author":{"name":"Qiuuuuu","username":"qiuuuuu","path":"/qiuuuuu","avatar_url":"no_portrait.png#Qiuuuuu-qiuuuuu"},"attach_files":[],"zip_download_url":"/openeuler/kernel/releases/tag/4.19.90-2209.5.0.zip","tar_download_url":"/openeuler/kernel/releases/tag/4.19.90-2209.5.0.tar.gz"}}}