Christian Brauner

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, related to the ext4 filesystem. When the filesystem is mounted with errors=remount-ro, the code previously set the SB RDONLY flag to stop all filesystem modifications. However, this approach missed proper locking and did not follow the proper filesystem remount procedure. The issue was triggered by syzbot, which found a way to cause warnings in filesystem freezing due to the SB RDONLY flag changing. The fix involves stopping the modification of SB RDONLY, as setting EXT4 FLAGS SHUTDOWN on the superblock is sufficient to stop all filesystem modifications. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a regression introduced by a commit that added general notification queue support, which caused resized pipes to lock up under certain conditions. This occurred because the commit resizing the pipe ring size was moved to a different function, resulting in the wakeup for `pipe->wr wait` being triggered before actually raising `pipe->max usage`. If a pipe was full before the resize occurred, it would result in the wakeup never actually triggering `pipe write`. The vulnerability is associated with incorrect blocking in the `pipe resize ring()` and `pipe set size()` functions in `fs/pipe.c`. Exploitation of this vulnerability could allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability was found in the fs/inode.c:inode init owner() function logic of the Linux kernel. This issue allows local users to create files for the XFS file-system with unintended group ownership and with group execution and SGID permission bits set. The vulnerability can be exploited in a scenario where a directory is SGID, belongs to a certain group, and is writable by a user who is not a member of this group, leading to excessive permissions being granted. The vulnerability is related to the incorrect setting of group access attributes when creating files in the XFS file system, which can allow an attacker to elevate their privileges, gain access to protected information, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.15-rc8 **Description** The issue is related to a NULL pointer dereference bug in the ` netlink ns capable()` function, located in the net/netlink/af netlink.c file. A local attacker could exploit this bug when a net namespace with a netnsid is assigned, potentially causing a kernel panic and a denial of service. **Recommendations** For Linux kernel versions prior to 4.15-rc8, update to version 4.15-rc8 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` netlink ns capable()` function to minimize the risk of exploitation.