project-lakitu: Fixed CVE-2021-33910

The path may have unbounded length, for example through a fuse mount.

CVE-2021-33910: attacker-controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.

upstream patch:
https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9

BUG=b/194238992
TEST=presubmit
RELEASE_NOTE=Fixed CVE-2021-33910

Change-Id: I4c56e3fd98d0c28b3989ef497cd6afd65b52a755
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/19791
Reviewed-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com>
3 files changed
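
An added example, not taken from this commit or from the upstream patch, of the general hardening pattern for the problem the commit message describes: a path whose length an unprivileged user can influence is length-checked and copied to the heap instead of being copied onto the stack with alloca(). The function name, the `EXAMPLE_PATH_MAX` cap and the simplified escaping rules are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap chosen for this example; not a systemd constant. */
#define EXAMPLE_PATH_MAX 4096

/* Risky pattern, for contrast: char *p = alloca(strlen(path) + 1);
 * Stack use then scales with input length and failure cannot be reported.
 *
 * Hardened form below: bounded length scan, heap copy, error returns.
 * Escaping is simplified: trim leading/trailing '/', map '/' to '-'. */
int example_path_escape(const char *path, char **ret) {
    size_t n = 0;
    char *p, *s, *e;

    if (!path || !ret || path[0] == '\0')
        return -EINVAL;
    while (path[n] != '\0')               /* scan at most cap + 1 bytes */
        if (++n > EXAMPLE_PATH_MAX)
            return -ENAMETOOLONG;         /* reject before allocating */

    p = malloc(n + 1);                    /* heap, so failure is visible */
    if (!p)
        return -ENOMEM;
    memcpy(p, path, n + 1);

    s = p + strspn(p, "/");               /* skip leading slashes */
    e = p + n;
    while (e > s && e[-1] == '/')         /* drop trailing slashes */
        *--e = '\0';

    if (*s == '\0') {                     /* path was only slashes: root */
        p[0] = '-';
        p[1] = '\0';
    } else {
        for (char *c = s; *c != '\0'; c++)
            if (*c == '/')
                *c = '-';
        memmove(p, s, (size_t)(e - s) + 1);
    }
    *ret = p;
    return 0;
}
```

The caller owns the returned buffer and frees it; an over-long path is reported as `-ENAMETOOLONG` so the caller can skip that mount entry rather than abort.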