kernel decompression is unbounded #8

New issue

Open

opened 2026-05-19 13:30:11 +00:00 by rc · 0 comments

rc commented 2026-05-19 13:30:11 +00:00

Owner

Copy link

The compressed vmlinuz read is capped, but unpackKernel streams gzip output into an unbounded allocating writer. A corrupt or hostile payload can expand until memory exhaustion. Apply an output limit here too, ideally separate from the compressed download limit.

The compressed vmlinuz read is capped, but unpackKernel streams gzip output into an unbounded allocating writer. A corrupt or hostile payload can expand until memory exhaustion. Apply an output limit here too, ideally separate from the compressed download limit.

rc referenced this issue 2026-05-22 10:43:56 +00:00

make downloads atomic and verify installed assets #35

rc pinned this 2026-05-22 16:25:06 +00:00

rc changed title from gpt: kernel decompression is unbounded to kernel decompression is unbounded 2026-05-22 16:26:12 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

codex/verbose-logging

codex-fix-run-without-initrd

codex-package-libvmz

swfit

output

No results found.

Labels

Clear labels   

highprio

  

lowprio

No labels

highprio

lowprio

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rc/vmz#8

No description provided.