In the Linux kernel, the following vulnerability has been resolved:
erofs: fix inconsistent per-file compression format
EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization.
However, syzkaller can generate inconsistent crafted images that use
an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA
algorithmtype even its not set in sbi->available_compr_algs. This
can lead to an unexpected BUG: kernel NULL pointer dereference if
the corresponding decompressor isnt built-in.
Fix this by checking against sbi->available_compr_algs for each
m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset
bitmap is now fixed together since it was harmless previously.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 5.16.0 (including) | 6.6.14 (excluding) |
| Linux_kernel | Linux | 6.7.0 (including) | 6.7.2 (excluding) |