CVE-2024-39472 Information

Description

In the Linux kernel the following vulnerability has been resolved:

xfs: fix log recovery buffer allocation for the legacy h_size fixup

Commit a70f9fe52daa (s: detect and handle invalid iclog size set by mkfs) added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 (s: clean up calculation of LR header blocks) cleaned up the log reover buffer calculation but stoped using the fixed up h_size value to size the log recovery buffer which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool but a fuzzer.

Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation.

Reference

https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a