commit | 281de44633192f807ee16ad769122762db955255 | |
---|---|---|
author | royyang <royyang@google.com> | Wed Jul 21 10:49:52 2021 -0700 |
committer | Roy Yang <royyang@google.com> | Thu Jul 22 22:58:59 2021 +0000 |
tree | 948a34f3d409c5869b1f5786bfeaf285fb488136 | |
parent | 7241d5aaece198ab858863ec9d416e03bb8d8033 | |
project-lakitu: Fixed CVE-2021-33910

The path may have unbounded length, for example through a fuse mount.

CVE-2021-33910: attacker-controlled alloca() leads to crash in systemd and ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo and each mountpoint is passed to mount_setup_unit(), which calls unit_name_path_escape() underneath. A local attacker who is able to mount a filesystem with a very long path can crash systemd and the whole system.

upstream patch: https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9

BUG=b/194238992
TEST=presbumit
RELEASE_NOTE=Fixed CVE-2021-33910

Change-Id: I4c56e3fd98d0c28b3989ef497cd6afd65b52a755
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/19791
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
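
The bug class the commit message describes, as an added example that is not part of this commit, the upstream patch, or systemd's code: a path whose length the caller does not control is copied to the heap behind a length check instead of through `alloca()`. The function name `escape_mount_path`, the 4096-byte cap and the simplified `/`-to-`-` mapping are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this example; the commit message names no limit. */
#define EXAMPLE_PATH_LIMIT 4096

/* Unsafe shape, shown for contrast only and not compiled:
 *     char *p = strdupa(path);   // alloca(strlen(path) + 1) on the stack
 * The stack cost equals the input length, so whoever controls the mount
 * path controls how far the stack pointer moves. */

/* Hypothetical helper: heap-backed, length-checked copy of a mount path,
 * with '/' mapped to '-' as a simplified stand-in for unit-name escaping
 * (the real escaping also encodes other characters). */
int escape_mount_path(const char *path, char **ret) {
    size_t len = 0;
    int pending = 0;   /* a separator is owed before the next component */
    char *out, *dst;

    if (!path || !ret || path[0] == '\0')
        return -EINVAL;
    /* Bounded scan: give up as soon as the cap is reached. */
    while (path[len] != '\0')
        if (++len >= EXAMPLE_PATH_LIMIT)
            return -ENAMETOOLONG;
    out = malloc(len + 1);   /* heap: exhaustion is an error code, not a crash */
    if (!out)
        return -ENOMEM;
    dst = out;
    for (const char *src = path; *src != '\0'; src++) {
        if (*src == '/') {
            /* Leading, repeated and trailing slashes emit nothing. */
            pending = (dst != out);
            continue;
        }
        if (pending) {
            *dst++ = '-';
            pending = 0;
        }
        *dst++ = *src;
    }
    if (dst == out)          /* the root path "/" alone becomes "-" */
        *dst++ = '-';
    *dst = '\0';
    *ret = out;              /* caller frees */
    return 0;
}
```

The caller owns the returned buffer and must `free()` it; an over-long path is rejected with `-ENAMETOOLONG` before any allocation happens.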