From nobody Tue Aug 22 09:40:14 2023
X-Original-To: bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RVPTV1K91z4qf43
	for <bugs@mlmmj.nyi.freebsd.org>; Tue, 22 Aug 2023 09:40:14 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4RVPTV09w0z3CYp
	for <bugs@FreeBSD.org>; Tue, 22 Aug 2023 09:40:14 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1692697214;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=ISaMAGFtjoBL4lujI1h2HC+VHTjA2ON1u3CROFHkOmY=;
	b=Ioplpdl+u2O2TcuRmUOvgemW+xFHeWuvgpJGckmpZliuPdkQQG3kBaskKJnLPkrDfWNZJW
	O9FYSt+C4MJcfnvpIL3EpzaIUqMsRujYCVBZewn6SR6IsEc2J7zykIz1U3w+D3Lc9Dt/A2
	Osul4PRhBPjaRV3M46BHbUpzZujx8G+BSMioWAjRqq4xvcNeF4+Ec1Bw8GBvRFrFaB92St
	nIDRv52sVp+mr5jTelvDjbeG4IUbQXm9Ia3+Iw0b5CKL4TRVYyfaZAl2SezKEtuOfu/cFE
	aPqn5ao35dmBIOZILlzwRPEj3qjJQhUxKA7WSp02RhMi3ab8LKEeQUe0M+dEiQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692697214; a=rsa-sha256; cv=none;
	b=APEpUbD63dpz0pTnka5vcD/Z6d8BgPRWcfLhkkP19iI8BADO8ICRWkOvRr6iXUw9to1zMC
	iH+DX4rSzJV1OSdy6zpGrRV7utp2yBTMs1BMm5EzwaZuijvnfUjf8cgWwJBpRMmW93KhUf
	vwnFENGmdrjGvE6EgkcBwDDW019qEYXWhv8Vfh3K0rJVkjNUHunOsxtptZYAhU8GULoytu
	bEFHJXpSHOnmj+dtYF0WAjgcPfF2x9ZUc/HNm7pcZFtqzOJt2VOPUCX3Bz4oLPF/l1jpBN
	sGM9uOStJb399c+EdxFReBFJxwGdbam76VwwN+mYV7d6Sox4fhdXsitrdQEH9w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RVPTT6LZhzyBb
	for <bugs@FreeBSD.org>; Tue, 22 Aug 2023 09:40:13 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 37M9eDSo053313
	for <bugs@FreeBSD.org>; Tue, 22 Aug 2023 09:40:13 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 37M9eDaf053312
	for bugs@FreeBSD.org; Tue, 22 Aug 2023 09:40:13 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 266562] malicious Linux LVM label can cause crash during taste
Date: Tue, 22 Aug 2023 09:40:14 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Some People
X-Bugzilla-Who: commit-hook@FreeBSD.org
X-Bugzilla-Status: Open
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-266562-227-Jcoda3S1wv@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-266562-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-266562-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-bugs
List-Help: <mailto:freebsd-bugs+help@freebsd.org>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Subscribe: <mailto:freebsd-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-bugs+unsubscribe@freebsd.org>
Sender: owner-freebsd-bugs@freebsd.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D266562

--- Comment #6 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3Dc941b82e1c31a67a025c43cc7bd31f269=
fa62588

commit c941b82e1c31a67a025c43cc7bd31f269fa62588
Author:     Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2023-08-22 09:20:10 +0000
Commit:     Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2023-08-22 09:20:10 +0000

    geom_linux_lvm: Check the offset of physical volume header

    The LVM label is stored on any of the first four sectors, and the
    PV (physical volume) header is stored within the same sector following
    the LVM label. The current implementation does not fully check the
    offset of PV header, when attaching a bad formatted LVM PV the kernel
    may crash due to out-of-bounds memory read.

    PR:     266562
    Reviewed by:    jhb
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D36773

 sys/geom/linux_lvm/g_linux_lvm.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

--=20
You are receiving this mail because:
You are the assignee for the bug.=