[PATCH 0/5] Filesystem memory corruption fixes

Ahmad Fatoum a.fatoum at pengutronix.de
Wed Feb 19 08:47:39 PST 2025 

On 19.02.25 15:18, Sascha Hauer wrote:
> These are some fixes for memory corruptions that can occur on corrupted
> or manipulated filesystems.
> 
> In case you use one of the affected filesystems in a secure boot chain
> you should apply these patches.
> 
> Normally you shouldn't use a barebox filesystem in a secure boot chain,
> but instead use FIT images on a raw partition. We never made this explicit
> though. Ahmad has done this recently:
> 
> https://lore.kernel.org/barebox/20250217180949.3961860-3-a.fatoum@pengutronix.de/T/#u
> 
> I digged through the U-Boot code and there are a few CVE fixes in the
> ext4 code that we'll likely need as well. But even with these applied
> we don't consider the barebox filesystems as suitable for secure boot.
> 
> For those curious we consider adding support for dm-verity at some
> point. This would allow us to remove the attack surface from the
> filesystem implementations and we could also use bootspec rather than
> signed FIT images.
> 
> Sascha
> 
> Sascha Hauer (5):
>   CVE-2025-26722: fs: squashfs: Ensure positive inode length
>   CVE-2025-26724: fs: cramfs: fix malloc(size + constant) buffer
>     overflow issues
>   CVE-2025-26723: fs: ext4: fix malloc(size + constant) buffer overflow
>     issues
>   CVE-2025-26725: fs: jffs2: fix malloc(size + constant) buffer overflow
>     issues
>   CVE-2025-26721: fs: pstore: fix malloc(size + constant) buffer
>     overflow issues

I think the CVE id should better go into the commit message body, (maybe
with a Fixes: before it) and not into the title.


Thanks,
Ahmad

> 
>  fs/cramfs/cramfs.c    | 2 +-
>  fs/ext4/ext_barebox.c | 2 +-
>  fs/jffs2/malloc.c     | 4 ++--
>  fs/jffs2/nodelist.h   | 2 +-
>  fs/jffs2/readinode.c  | 2 +-
>  fs/pstore/fs.c        | 2 +-
>  fs/squashfs/symlink.c | 8 ++++++--
>  7 files changed, 13 insertions(+), 9 deletions(-)
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

More information about the barebox mailing list