Hi Richard, rich...@nod.at wrote on Fri, 2 Aug 2024 18:36:47 +0200:
> The squashfs driver blindly follows symlinks, and calls sqfs_size() > recursively. So an attacker can create a crafted filesystem and with > a deep enough nesting level a stack overflow can be achieved. > > Fix by limiting the nesting level to 8. > > Signed-off-by: Richard Weinberger <rich...@nod.at> Reviewed-by: Miquel Raynal <miquel.ray...@bootlin.com> Thanks, Miquèl
