| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061832-CVE-2022-50013-e8cd@gregkh> Date: Wed, 18 Jun 2025 13:01:18 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50013: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() As Dipanjan Das <mail.dipanjan.das@...il.com> reported, syzkaller found a f2fs bug as below: RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295 Call Trace: write_all_xattrs fs/f2fs/xattr.c:487 [inline] __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743 f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790 f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86 __vfs_setxattr+0x115/0x180 fs/xattr.c:182 __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216 __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277 vfs_setxattr+0x13f/0x330 fs/xattr.c:303 setxattr+0x146/0x160 fs/xattr.c:611 path_setxattr+0x1a7/0x1d0 fs/xattr.c:630 __do_sys_lsetxattr fs/xattr.c:653 [inline] __se_sys_lsetxattr fs/xattr.c:649 [inline] __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 NAT entry and nat bitmap can be inconsistent, e.g. one nid is free in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it may trigger BUG_ON() in f2fs_new_node_page(), fix it. The Linux kernel CVE team has assigned CVE-2022-50013 to this issue. Affected and fixed versions =========================== Fixed in 4.19.256 with commit fbfad62b29e9f8f1c1026a806c9e064ec2a7c342 Fixed in 5.4.211 with commit 29e734ec33ae4bd7de4018fb0fb0eec808c36b92 Fixed in 5.10.138 with commit 800ba8979111184d5194f4233cc83afe683efc54 Fixed in 5.15.63 with commit 5a01e45b925a0bc9718eccd33e5920f1a4e44caf Fixed in 5.19.4 with commit 43ce0a0bda2c54dad91d5a1943554eed9e050f55 Fixed in 6.0 with commit 141170b759e03958f296033bb7001be62d1d363b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50013 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/f2fs/node.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fbfad62b29e9f8f1c1026a806c9e064ec2a7c342 https://git.kernel.org/stable/c/29e734ec33ae4bd7de4018fb0fb0eec808c36b92 https://git.kernel.org/stable/c/800ba8979111184d5194f4233cc83afe683efc54 https://git.kernel.org/stable/c/5a01e45b925a0bc9718eccd33e5920f1a4e44caf https://git.kernel.org/stable/c/43ce0a0bda2c54dad91d5a1943554eed9e050f55 https://git.kernel.org/stable/c/141170b759e03958f296033bb7001be62d1d363b
Powered by blists - more mailing lists