Gautham Ananthakrishna

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A vulnerability in the Linux kernel has been resolved, related to the ocfs2 filesystem. The issue occurred during the reflink workflow while reserving space for inline xattr, causing corruption. The problematic function is `ocfs2 reflink xattr inline()`, which reserves space for inline xattrs at the destination inode without checking if there is space at the root metadata block. This results in corruption when the inode already has extents beyond the index. The fix involves reserving space for inline metadata at the destination inode before the reflink tree gets recreated. Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the `ocfs2 reflink xattr inline()` function until a patch is available. Restrict access to the ocfs2 filesystem to minimize the risk of exploitation. Avoid using the `ocfs2` filesystem until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a race condition between the `ocfs2 test bg bit allocatable()` and `jbd2 journal put journal head()` functions in the Linux kernel's ocfs2 component. This race condition can lead to a situation where the `bg bh->b private` becomes NULL, causing a panic. The problem arises when `ocfs2 test bg bit allocatable()` calls `bh2jh(bg bh)` and `jbd2 journal put journal head()` releases the journal head from the buffer head simultaneously. To fix this, a bit lock for the `BH JournalHead` bit is required. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.