diff options
author | Egbert Eich <eich@suse.com> | 2022-12-02 20:24:14 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-02 20:24:14 (GMT) |
commit | 24700e8f0607e9a3782c843528e2c5a892d4d6f6 (patch) | |
tree | cf12df8269a0ba0f384921b257c0d7d36dcb6a12 /release_docs | |
parent | 88b24c258b8d938ab19eb015d019162bd66d5be6 (diff) | |
download | hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.zip hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.tar.gz hdf5-24700e8f0607e9a3782c843528e2c5a892d4d6f6.tar.bz2 |
CVE 2021 46242 develop (#2255)
* When evicting driver info block, NULL the corresponding entry
Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag
H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing the
pointer in f->shared->drvinfo will prevent use-after-free when it is used in other
functions (like H5F__dest()) - as other places will check whether the pointer is
initialized before using its value.
This fixes CVE-2021-46242 / Bug #2254
Signed-off-by: Egbert Eich <eich@suse.com>
* When evicting the superblock, NULL the corresponding entry
The call to H5AC_expunge_entry() will free the corresonding structure,
to avoid a use-after-free, the corrsponding pointer entry will be NULLed.
Signed-off-by: Egbert Eich <eich@suse.com>
Signed-off-by: Egbert Eich <eich@suse.com>
Diffstat (limited to 'release_docs')
-rw-r--r-- | release_docs/RELEASE.txt | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/release_docs/RELEASE.txt b/release_docs/RELEASE.txt index 8709686..c71c4fa 100644 --- a/release_docs/RELEASE.txt +++ b/release_docs/RELEASE.txt @@ -172,6 +172,18 @@ Bug Fixes since HDF5-1.13.3 release =================================== Library ------- + - Fix CVE-2021-46242 / GHSA-x9pw-hh7v-wjpf + + When evicting driver info block, NULL the corresponding entry. + + Since H5C_expunge_entry() called (from H5AC_expunge_entry()) sets the flag + H5C__FLUSH_INVALIDATE_FLAG, the driver info block will be freed. NULLing + the pointer in f->shared->drvinfo will prevent use-after-free when it is + used in other functions (like H5F__dest()) - as other places will check + whether the pointer is initialized before using its value. + + (EFE - 2022/09/29 GH-2254) + - Fix CVE-2018-13867 / GHSA-j8jr-chrh-qfrf Validate location (offset) of the accumulated metadata when comparing. |