https://bugzilla.redhat.com/show_bug.cgi?id=2093320
Bug ID: 2093320 Summary: CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: gsuckevi@redhat.com CC: ddepaula@redhat.com, epel-packagers-sig@lists.fedoraproject.org, jferlan@redhat.com, kparal@redhat.com, ngompa13@gmail.com, rjones@redhat.com, spotrh@gmail.com, virt-maint@redhat.com Target Milestone: --- Classification: Other
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 https://github.com/tuxera/ntfs-3g/releases
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |2093325, 2093321, 2093324, | |2093323, 2093322
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2093321 [Bug 2093321] CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093322 [Bug 2093322] CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093323 [Bug 2093323] CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093324 [Bug 2093324] CVE-2022-30785 ntfs2btrfs: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093325 [Bug 2093325] CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- Created ntfs-3g tracking bugs for this issue:
Affects: epel-all [bug 2093322] Affects: fedora-all [bug 2093321]
Created ntfs-3g-system-compression tracking bugs for this issue:
Affects: epel-all [bug 2093323] Affects: fedora-all [bug 2093325]
Created ntfs2btrfs tracking bugs for this issue:
Affects: fedora-all [bug 2093324]
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2093356
https://bugzilla.redhat.com/show_bug.cgi?id=2093320 Bug 2093320 depends on bug 2093321, which changed state.
Bug 2093321 Summary: CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093321
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2093320 Bug 2093320 depends on bug 2093325, which changed state.
Bug 2093325 Summary: CVE-2022-30785 ntfs-3g-system-compression: ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093325
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2093320 Bug 2093320 depends on bug 2093322, which changed state.
Bug 2093322 Summary: CVE-2022-30785 ntfs-3g: a file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2093322
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |ntfs-3g 2022.5.17
https://bugzilla.redhat.com/show_bug.cgi?id=2093320
--- Doc Text *updated* by Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- A vulnerability was found in NTFS-3G. A file handle created in fuse_lib_opendir and later used in fuse_lib_readdir allows out-of-bounds read/write operations.
epel-packagers-sig@lists.stg.fedoraproject.org