In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid f2fsbugon() in decvalidnode_count()
As Yanming reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=215897
I have encountered a bug in F2FS file system in kernel v5.17.
The kernel should enable CONFIGKASAN=y and CONFIGKASAN_INLINE=y. You can reproduce the bug by running the following commands:
The kernel message is shown below:
kernel BUG at fs/f2fs/f2fs.h:2511! Call Trace: f2fsremoveinodepage+0x2a2/0x830 f2fsevictinode+0x9b7/0x1510 evict+0x282/0x4e0 dounlinkat+0x33a/0x540 __x64sysunlinkat+0x8e/0xd0 dosyscall64+0x3b/0x90 entrySYSCALL64afterhwframe+0x44/0xae
The root cause is: .totalvalidblockcount or .totalvalidnodecount could fuzzed to zero, then once decvalidnodecount() was called, it will cause BUGON(), this patch fixes to print warning info and set SBINEEDFSCK into CP instead of panic.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49380.json"
}