From this web page screenshot, the following key information about the vulnerability can be extracted:

1. Vulnerability description:
- The bug is reported as "KMSAN: uninit-value in pick_link".
- It is caused by an uninitialised page, which in turn results from reading a corrupted symlink size from disk.

2. Root cause:
- The symlink size read from disk holds a corrupted value, which leads to an uninitialised page in later operations.
- The sequence is:
  1. The symlink is read and the corrupted value is assigned to [identifier not captured on the page].
  2. A later call assigns the corrupted value to the [identifier not captured on the page] variable, which overflows and becomes negative.
  3. The loop that fills the page contents runs while the number of copied bytes is less than [identifier not captured on the page]; with a negative length the loop is skipped entirely, so the page is left uninitialised.

3. Fix:
- The patch adds a sanity check ensuring the symlink size does not exceed what is expected.

4. Patch content:
- The patch code adds a check on the symlink size, ensuring it does not exceed the expected value.

5. Author and sign-off:
- The patch is signed off by Phillip Lougher and Christian Brauner.

6. Links:
- Upstream submission: https://lore.kernel.org/r/20240811232821.13903-1-philipp@squashfs.org.uk
- Report: https://lore.kernel.org/all/[message id garbled on the page]
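The chain described above (a 64-bit on-disk size narrowed into an int, a negative copy length, a skipped fill loop, and a page that is never written) is easy to reproduce outside the kernel. The following is an added example written for this page; it is not the squashfs code or the patch itself. It models the page-filling path with a fake in-memory "disk" and a sentinel-filled page, then shows the fix in spirit: validating the symlink size when the inode is read, before any page is mapped. The one-page upper bound (`MODEL_PAGE_SIZE`), the fake disk contents and all function names are this example's assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>

/* Assumptions of this model (not kernel code): a 4 KiB page and a
 * constructed on-disk symlink target. */
#define MODEL_PAGE_SIZE 4096
static const unsigned char MODEL_DISK[] = "/usr/lib/target";
#define MODEL_DISK_LEN (sizeof(MODEL_DISK) - 1)
#define SENTINEL 0xAA   /* marks bytes the fill loop never touched */

/* Narrowing as the page describes: the 64-bit size minus the page offset is
 * truncated to int before being limited to the page size. A corrupted size
 * such as 0x80000000 wraps to a negative int (gcc/clang wrap on narrowing). */
static int copy_length_unchecked(int64_t symlink_size, int64_t index)
{
    int narrowed = (int)(symlink_size - index);
    return narrowed < MODEL_PAGE_SIZE ? narrowed : MODEL_PAGE_SIZE;
}

/* Fill one page of the symlink target from the fake disk. Returns the number
 * of bytes written. With a negative length the while loop body never runs,
 * which is exactly how the page ends up uninitialised. */
static int fill_symlink_page_unchecked(int64_t symlink_size, int64_t index,
                                       unsigned char *page)
{
    int length = copy_length_unchecked(symlink_size, index);
    int bytes = 0;
    while (bytes < length) {
        size_t off = (size_t)index + (size_t)bytes;
        if (off >= MODEL_DISK_LEN)
            break;                         /* fake disk exhausted */
        size_t chunk = MODEL_DISK_LEN - off;
        if ((int)chunk > length - bytes)
            chunk = (size_t)(length - bytes);
        memcpy(page + bytes, MODEL_DISK + off, chunk);
        bytes += (int)chunk;
    }
    return bytes;
}

/* The fix in spirit: reject an implausible size at inode-read time so the
 * corrupted value never reaches the int arithmetic above. */
static int validate_symlink_size(int64_t symlink_size)
{
    if (symlink_size < 0 || symlink_size > MODEL_PAGE_SIZE)
        return -EINVAL;                    /* corrupted symlink */
    return 0;
}

static int fill_symlink_page_checked(int64_t symlink_size, int64_t index,
                                     unsigned char *page)
{
    int rc = validate_symlink_size(symlink_size);
    if (rc)
        return rc;
    return fill_symlink_page_unchecked(symlink_size, index, page);
}

/* Scenario helpers: run a fill on a fresh sentinel-filled page and report
 * either the return value or the first byte left in the page. */
static int scenario_bytes(int64_t symlink_size, int use_check)
{
    unsigned char page[MODEL_PAGE_SIZE];
    memset(page, SENTINEL, sizeof page);
    return use_check ? fill_symlink_page_checked(symlink_size, 0, page)
                     : fill_symlink_page_unchecked(symlink_size, 0, page);
}

static int scenario_first_byte(int64_t symlink_size, int use_check)
{
    unsigned char page[MODEL_PAGE_SIZE];
    memset(page, SENTINEL, sizeof page);
    if (use_check)
        fill_symlink_page_checked(symlink_size, 0, page);
    else
        fill_symlink_page_unchecked(symlink_size, 0, page);
    return page[0];
}

int main(void)
{
    int64_t corrupted = 0x80000000LL;      /* constructed corrupted size */
    printf("unchecked: length=%d bytes=%d first=0x%02x\n",
           copy_length_unchecked(corrupted, 0),
           scenario_bytes(corrupted, 0), scenario_first_byte(corrupted, 0));
    printf("checked:   rc=%d (EINVAL=%d)\n", scenario_bytes(corrupted, 1), -EINVAL);
    printf("valid:     bytes=%d first='%c'\n",
           scenario_bytes((int64_t)MODEL_DISK_LEN, 1),
           scenario_first_byte((int64_t)MODEL_DISK_LEN, 1));
    return 0;
}
```

The unchecked path returns 0 bytes and leaves the sentinel in place for the corrupted size, which is the uninitialised page KMSAN flagged; the checked path refuses the inode with `-EINVAL` instead, while a legitimate 15-byte target is copied unchanged by both. The important design point is where the check lives: validating the size once, at the boundary where untrusted on-disk metadata is parsed, is simpler and safer than trying to make every later int computation overflow-proof.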