Am 10.02.2026 um 13:46 hat Oblivionsage geschrieben: > From d335821a1f814eb3059ab5e6a7cd771360b698c4 Mon Sep 17 00:00:00 2001 > From: Oblivionsage <[email protected]> > Date: Tue, 10 Feb 2026 13:33:25 +0100 > Subject: [PATCH] block/vmdk: fix OOB read in vmdk_read_extent() > To: [email protected] > Cc: [email protected], > [email protected], > [email protected], > [email protected], > [email protected] > > Bounds check for marker.size doesn't account for the 12-byte marker > header, allowing zlib to read past the allocated buffer. > > Move the check inside the has_marker block and subtract the marker size. > > Fixes: CVE-2026-2243 > Reported-by: Halil Oktay (oblivionsage) <[email protected]> > Signed-off-by: Halil Oktay (oblivionsage) <[email protected]>
Thanks, applied to the block branch. Kevin
