From this web page screenshot, the following key information about the vulnerability can be recovered:

1. Vulnerability description:
   - The bug is reported as "KMSAN: uninit-value in pick_link".
   - It is caused by an uninitialised page, which in turn is caused by a corrupted symbolic link size read from disk.

2. Root cause:
   - The corrupted symlink size leads to an uninitialised page through the following sequence of events:
     1. The routine that reads the symbolic link from disk is called, and it records the corrupted value 3875536935 as the link's size.
     2. A later call copies this corrupted value into the length variable. That variable is a signed int, so the value overflows and becomes negative.
     3. The loop that then fills in the page contents only runs while the number of bytes copied so far is less than length. Because length is negative, that condition is false on the very first test, the loop body never executes, and the page is left uninitialised.

3. Fix:
   - The patch adds a sanity check that rejects a symbolic link size larger than expected.

4. Patch contents:
   - The added code checks the symbolic link size read from disk and fails the read if it exceeds the expected maximum, before the size can reach the signed length variable.

5. Author and sign-off:
   - The patch is signed off by Phillip Lougher and Christian Brauner.

6. Links:
   - Upstream submission: https://lore.kernel.org/r/20240811232821.13903-1-philipp@squashfs.org.uk
   - Report: https://lore.kernel.org/all/… (the remainder of this link is garbled in the source and cannot be recovered)
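The narrowing-and-skipped-loop sequence in item 2 and the sanity check in items 3 and 4, as an added C illustration. This is not the squashfs code or the patch itself: the function names, the use of a 4096-byte page as the "expected" upper bound, and the 0xAA sentinel standing in for never-written memory are assumptions made for the demonstration; the only value taken from the page is the corrupted size 3875536935.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption for this demo: a symlink target is read into one 4096-byte page,
 * so that is the "expected" upper bound the sanity check enforces. */
#define PAGE_SZ 4096

/* The corrupted on-disk size quoted in the report. */
#define CORRUPTED_SIZE 3875536935ULL

/* Sentinel standing in for memory that was never written; KMSAN would report
 * a later read of such bytes as uninit-value. */
#define UNINIT_BYTE 0xAA

/* Fill loop modelled on the flawed pattern: the 64-bit on-disk size is
 * narrowed into a signed int before the loop bound is computed.
 * `target` must provide at least min(disk_size, PAGE_SZ) bytes.
 * Returns the number of bytes written into `page`. */
int fill_page_unchecked(uint64_t disk_size, const char *target,
                        unsigned char *page)
{
    /* Narrowing 3875536935 to int yields a negative value on the usual
     * two's-complement targets (implementation-defined, but what the kernel
     * relies on); taking the minimum with PAGE_SZ keeps the negative value. */
    int length = (int)disk_size < PAGE_SZ ? (int)disk_size : PAGE_SZ;
    int bytes = 0;

    /* With length < 0 the guard is false on the first test, the body never
     * runs, and the page keeps whatever it held before. */
    while (bytes < length) {
        page[bytes] = (unsigned char)target[bytes];
        bytes++;
    }
    return bytes;
}

/* Sanity check in the spirit of the fix: reject a size larger than the buffer
 * the symlink is read into, before any signed arithmetic happens. */
int check_symlink_size(uint64_t disk_size)
{
    return disk_size > PAGE_SZ ? -EINVAL : 0;
}

/* Hardened path: validate first, so the loop bound can no longer wrap.
 * Returns bytes copied, or a negative errno value. */
int fill_page_checked(uint64_t disk_size, const char *target,
                      unsigned char *page)
{
    int err = check_symlink_size(disk_size);
    if (err)
        return err;
    return fill_page_unchecked(disk_size, target, page);
}

/* Count how many of the first n page bytes still carry the sentinel,
 * i.e. were never initialised. */
size_t count_uninit(const unsigned char *page, size_t n)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (page[i] == UNINIT_BYTE)
            k++;
    return k;
}

int main(void)
{
    unsigned char page[PAGE_SZ];

    memset(page, UNINIT_BYTE, sizeof page);
    printf("unchecked, corrupted size: copied %d bytes, %zu uninitialised\n",
           fill_page_unchecked(CORRUPTED_SIZE, "", page),
           count_uninit(page, PAGE_SZ));

    memset(page, UNINIT_BYTE, sizeof page);
    printf("checked, corrupted size: rc=%d (EINVAL is %d)\n",
           fill_page_checked(CORRUPTED_SIZE, "", page), -EINVAL);

    memset(page, UNINIT_BYTE, sizeof page);
    printf("checked, sane size: copied %d bytes\n",
           fill_page_checked(11, "/etc/passwd", page));
    return 0;
}
```

The important detail is where the check sits: it compares the full 64-bit on-disk value against the bound, so a size that would wrap once narrowed to int is rejected before the loop bound is ever computed. Checking `length` after the narrowing would be too late, because by then the value is already a plausible-looking negative int.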