Fix CVE-2025-24965
This commit is contained in:
zhihang
parent
f89ebe9755
commit
ba79d77e62
41
0001-CVE-2025-24965.patch
Normal file
41
0001-CVE-2025-24965.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From b79b4ba532316faa0b4147bc4edb5e6f14f5f18d Mon Sep 17 00:00:00 2001
|
||||
From: zhihang <zhihang161013@outlook.com>
|
||||
Date: Fri, 7 Mar 2025 02:22:00 +0000
|
||||
Subject: [PATCH] CVE-2025-24965
|
||||
|
||||
Signed-off-by: zhihang <zhihang161013@outlook.com>
|
||||
---
|
||||
src/libcrun/handlers/krun.c | 10 +++++++++-
|
||||
1 file changed, 9 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libcrun/handlers/krun.c b/src/libcrun/handlers/krun.c
|
||||
index 0342a33..2437967 100644
|
||||
--- a/src/libcrun/handlers/krun.c
|
||||
+++ b/src/libcrun/handlers/krun.c
|
||||
@@ -43,6 +43,8 @@
|
||||
/* libkrun has a hard-limit of 8 vCPUs per microVM. */
|
||||
#define LIBKRUN_MAX_VCPUS 8
|
||||
|
||||
+#define KRUN_CONFIG_FILE ".krun_config.json"
|
||||
+
|
||||
struct krun_config
|
||||
{
|
||||
void *handle;
|
||||
@@ -207,7 +209,13 @@ libkrun_configure_container (void *cookie, enum handler_configure_phase phase,
|
||||
if (UNLIKELY (ret < 0))
|
||||
return ret;
|
||||
|
||||
- ret = write_file_at (rootfsfd, ".krun_config.json", config, config_size, err);
|
||||
+ /* CVE-2025-24965: the content below rootfs cannot be trusted because it is controlled by the user. We
|
||||
+ must ensure the file is opened below the rootfs directory. */
|
||||
+ fd = safe_openat (rootfsfd, rootfs, KRUN_CONFIG_FILE, WRITE_FILE_DEFAULT_FLAGS | O_NOFOLLOW, 0700, err);
|
||||
+ if (UNLIKELY (fd < 0))
|
||||
+ return fd;
|
||||
+
|
||||
+ ret = safe_write (fd, KRUN_CONFIG_FILE, config, config_size, err);
|
||||
if (UNLIKELY (ret < 0))
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@ -1,8 +1,11 @@
|
||||
Name: crun
|
||||
Version: 1.8.7
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: A fast and low-memory footprint OCI Container Runtime fully written in C.
|
||||
URL: https://github.com/containers/%{name}
|
||||
|
||||
Patch1: 0001-CVE-2025-24965.patch
|
||||
|
||||
Source0: https://github.com/containers/crun/releases/download/%{version}/%{name}-%{version}.tar.xz
|
||||
License: GPL-2.0-only
|
||||
BuildRequires: autoconf
|
||||
@ -54,6 +57,9 @@ rm -rf %{buildroot}%{_prefix}/lib*
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Fri Mar 7 2025 zhihang <zhihang161013@outlook.com> - 1.8.7-3
|
||||
- Fix CVE-2025-24965
|
||||
|
||||
* Sun Apr 28 2024 yinsist <jianhui.oerv@isrc.iscas.ac.cn> - 1.8.7-2
|
||||
- Disable criu dependency for RISC-V as criu does not currently support RISC-V
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user