CVE-2024-26590 Information

Description

In the Linux kernel the following vulnerability has been resolved:

erofs: fix inconsistent per-file compression format

EROFS can select compression algorithms on a per-file basis and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization.

However syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes e.g. use MicroLZMA algorithmtype even it’s not set in sbi->available_compr_algs. This can lead to an unexpected \BUG: kernel NULL pointer dereference\ if the corresponding decompressor isn’t built-in.

Fix this by checking against sbi->available_compr_algs for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.

Reference

https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724 https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199 https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4