| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022647-CVE-2022-49380-24ee@gregkh> Date: Wed, 26 Feb 2025 03:10:54 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2022-49380: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() Description =========== In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands: The kernel message is shown below: kernel BUG at fs/f2fs/f2fs.h:2511! Call Trace: f2fs_remove_inode_page+0x2a2/0x830 f2fs_evict_inode+0x9b7/0x1510 evict+0x282/0x4e0 do_unlinkat+0x33a/0x540 __x64_sys_unlinkat+0x8e/0xd0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae The root cause is: .total_valid_block_count or .total_valid_node_count could fuzzed to zero, then once dec_valid_node_count() was called, it will cause BUG_ON(), this patch fixes to print warning info and set SBI_NEED_FSCK into CP instead of panic. The Linux kernel CVE team has assigned CVE-2022-49380 to this issue. Affected and fixed versions =========================== Fixed in 5.4.198 with commit f8b3c3fcf33105bc1ee7788e3b51b0a1ae42ae53 Fixed in 5.10.121 with commit 2766ddaf45b69252bb8fe526b5b6e56904a9ae7a Fixed in 5.15.46 with commit bce859358d3d5940aa858e40ceee70ee6e76130e Fixed in 5.17.14 with commit 89d9a48d0cd30429463ea4e37ca83be6773ed5eb Fixed in 5.18.3 with commit ccffa99ae6a1f44797b57444c6a80382a42928fe Fixed in 5.19 with commit 4d17e6fe9293d57081ffdc11e1cf313e25e8fd9e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-49380 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/f2fs/f2fs.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f8b3c3fcf33105bc1ee7788e3b51b0a1ae42ae53 https://git.kernel.org/stable/c/2766ddaf45b69252bb8fe526b5b6e56904a9ae7a https://git.kernel.org/stable/c/bce859358d3d5940aa858e40ceee70ee6e76130e https://git.kernel.org/stable/c/89d9a48d0cd30429463ea4e37ca83be6773ed5eb https://git.kernel.org/stable/c/ccffa99ae6a1f44797b57444c6a80382a42928fe https://git.kernel.org/stable/c/4d17e6fe9293d57081ffdc11e1cf313e25e8fd9e
Powered by blists - more mailing lists