On 6/5/25 21:24, Solar Designer wrote:
> On Tue, Jun 03, 2025 at 12:38:11PM +0200, Attila Szasz wrote:
> [...]
> > Since then I checked, and 5.4 LTS (any<=5.6) had been vulnerable without
> > the need to ever mount an untrusted/malformed FS just by systematically
> > corrupting a vanilla fs's B-trees with normal operations.
This looks like another (and far more serious) problem. Mounting a
crafted malicious image is one thing, but being able to turn an
already-mounted legitimate filesystem malicious is quite another.

Are those "normal operations" available to unprivileged users?

Could a Web page potentially exploit this by manipulating the browser's
disk cache or other storage mechanisms? (Hopefully not, but that would
make this remotely exploitable on what is (I hope) an extremely rare
configuration.)

Do I correctly read "(any<=5.6)" as indicating that the filesystem
corruption bug has been fixed for a long time now?

-- Jacob