| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120852-CVE-2022-50620-bf1f@gregkh> Date: Mon, 8 Dec 2025 10:16:57 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50620: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path Syzbot reports a NULL pointer dereference issue as below: __refcount_add include/linux/refcount.h:193 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] get_task_struct include/linux/sched/task.h:110 [inline] kthread_stop+0x34/0x1c0 kernel/kthread.c:703 f2fs_stop_discard_thread+0x3c/0x5c fs/f2fs/segment.c:1638 kill_f2fs_super+0x5c/0x194 fs/f2fs/super.c:4522 deactivate_locked_super+0x70/0xe8 fs/super.c:332 deactivate_super+0xd0/0xd4 fs/super.c:363 cleanup_mnt+0x1f8/0x234 fs/namespace.c:1186 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193 task_work_run+0xc4/0x14c kernel/task_work.c:177 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x26c/0xbe0 kernel/exit.c:795 do_group_exit+0x60/0xe8 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __wake_up_parent+0x0/0x40 kernel/exit.c:934 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 The root cause of this issue is in error path of f2fs_start_discard_thread(), it missed to invalidate dcc->f2fs_issue_discard, later kthread_stop() may access invalid pointer. The Linux kernel CVE team has assigned CVE-2022-50620 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15 with commit 4d67490498acb4ffcef5ba7bc44990d46e66a44c and fixed in 5.15.86 with commit 865bb7b5a7deeb0e5afbd82381d52d38825dc64d Issue introduced in 5.15 with commit 4d67490498acb4ffcef5ba7bc44990d46e66a44c and fixed in 6.0.16 with commit a3e517a6ba695d683ee63615e1ea6e6b4c7d2732 Issue introduced in 5.15 with commit 4d67490498acb4ffcef5ba7bc44990d46e66a44c and fixed in 6.1.2 with commit ae6c960a82c52c3bda5adc82d90643d6c12d308e Issue introduced in 5.15 with commit 4d67490498acb4ffcef5ba7bc44990d46e66a44c and fixed in 6.2 with commit 91586ce0d39a05f88795aa8814fb99b1387236b3 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50620 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/f2fs/segment.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/865bb7b5a7deeb0e5afbd82381d52d38825dc64d https://git.kernel.org/stable/c/a3e517a6ba695d683ee63615e1ea6e6b4c7d2732 https://git.kernel.org/stable/c/ae6c960a82c52c3bda5adc82d90643d6c12d308e https://git.kernel.org/stable/c/91586ce0d39a05f88795aa8814fb99b1387236b3
Powered by blists - more mailing lists