Message-ID: <2025022644-CVE-2022-49360-b0ac@gregkh>
Date: Wed, 26 Feb 2025 03:10:34 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2022-49360: f2fs: fix to do sanity check on total_data_blocks

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on total_data_blocks

As Yanming reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215916

The kernel message is shown below:

kernel BUG at fs/f2fs/segment.c:2560!
Call Trace:
allocate_segment_by_default+0x228/0x440
f2fs_allocate_data_block+0x13d1/0x31f0
do_write_page+0x18d/0x710
f2fs_outplace_write_data+0x151/0x250
f2fs_do_write_data_page+0xef9/0x1980
move_data_page+0x6af/0xbc0
do_garbage_collect+0x312f/0x46f0
f2fs_gc+0x6b0/0x3bc0
f2fs_balance_fs+0x921/0x2260
f2fs_write_single_data_page+0x16be/0x2370
f2fs_write_cache_pages+0x428/0xd00
f2fs_write_data_pages+0x96e/0xd50
do_writepages+0x168/0x550
__writeback_single_inode+0x9f/0x870
writeback_sb_inodes+0x47d/0xb20
__writeback_inodes_wb+0xb2/0x200
wb_writeback+0x4bd/0x660
wb_workfn+0x5f3/0xab0
process_one_work+0x79f/0x13e0
worker_thread+0x89/0xf60
kthread+0x26a/0x300
ret_from_fork+0x22/0x30
RIP: 0010:new_curseg+0xe8d/0x15f0

The root cause is: ckpt.valid_block_count is inconsistent with SIT table,
stat info indicates filesystem has free blocks, but SIT table indicates
filesystem has no free segment.

So that during garbage collection, it triggers panic when LFS allocator
fails to find free segment.

This patch tries to fix this issue by checking consistency in between
ckpt.valid_block_count and block accounted from SIT.

The Linux kernel CVE team has assigned CVE-2022-49360 to this issue.

Affected and fixed versions
===========================

Fixed in 5.10.121 with commit ef221b738b26d8c9f7e7967f4586db2dd3bd5288
Fixed in 5.15.46 with commit c9e4cd5b0ccd7168801d6a811919171b185c5cf8
Fixed in 5.17.14 with commit 071b1269a3b3ad9cec16ed76a48015bfffd9aee8
Fixed in 5.18.3 with commit cc8c9df19971e59ebbe669ce710080e347dfec32
Fixed in 5.19 with commit 6b8beca0edd32075a769bfe4178ca00c0dcd22a9

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2022-49360
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
fs/f2fs/f2fs.h
fs/f2fs/segment.c
fs/f2fs/segment.h

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/ef221b738b26d8c9f7e7967f4586db2dd3bd5288
https://git.kernel.org/stable/c/c9e4cd5b0ccd7168801d6a811919171b185c5cf8
https://git.kernel.org/stable/c/071b1269a3b3ad9cec16ed76a48015bfffd9aee8
https://git.kernel.org/stable/c/cc8c9df19971e59ebbe669ce710080e347dfec32
https://git.kernel.org/stable/c/6b8beca0edd32075a769bfe4178ca00c0dcd22a9
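
Added example, not part of the original announcement and not the kernel's code: a user-space C model of the consistency check the description refers to, summing the blocks accounted in SIT and comparing them with the checkpoint counters. The struct layouts, function names and sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BLKS_PER_SEG 512u /* f2fs default: 2 MiB segment of 4 KiB blocks */
/* Hypothetical, simplified stand-ins for SIT entries and checkpoint counters. */
struct sit_entry { uint16_t valid_blocks; int is_node_seg; };
struct ckpt_counts { uint32_t valid_block_count, valid_node_count; };
enum sit_check { SIT_OK, SIT_BAD_ENTRY, SIT_NODE_MISMATCH, SIT_DATA_MISMATCH };

/* Segments an LFS-style allocator could still pick: those with no valid blocks. */
size_t free_segments(const struct sit_entry *sit, size_t n)
{
    size_t free_cnt = 0;
    for (size_t i = 0; i < n; i++)
        free_cnt += (sit[i].valid_blocks == 0);
    return free_cnt;
}

/* Reject the image early if blocks accounted from SIT disagree with the checkpoint. */
enum sit_check check_sit_vs_ckpt(const struct sit_entry *sit, size_t n,
                                 const struct ckpt_counts *cp)
{
    uint64_t node_blocks = 0, data_blocks = 0;
    for (size_t i = 0; i < n; i++) {
        if (sit[i].valid_blocks > BLKS_PER_SEG)
            return SIT_BAD_ENTRY;
        if (sit[i].is_node_seg) node_blocks += sit[i].valid_blocks;
        else                    data_blocks += sit[i].valid_blocks;
    }
    if (node_blocks != cp->valid_node_count)
        return SIT_NODE_MISMATCH;
    /* Compare sums instead of subtracting, so a bad checkpoint cannot underflow. */
    if (node_blocks + data_blocks != cp->valid_block_count)
        return SIT_DATA_MISMATCH;
    return SIT_OK;
}

/* Constructed sample: SIT says all 4 segments are full; bad_cp claims only 1500 used. */
static const struct sit_entry full_sit[4] = {{512, 1}, {512, 0}, {512, 0}, {512, 0}};
static const struct ckpt_counts bad_cp = {1500, 512}, good_cp = {2048, 512};

int main(void)
{
    printf("free segments per SIT: %zu\n", free_segments(full_sit, 4));
    printf("inconsistent: %d, consistent: %d\n",
           check_sit_vs_ckpt(full_sit, 4, &bad_cp), check_sit_vs_ckpt(full_sit, 4, &good_cp));
    return 0;
}
```

With bad_cp the counters claim 548 free blocks while SIT has no free segment, which is the state the description identifies as the root cause; the check reports it before any allocation is attempted.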