In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to bail out in get_new_segment()
------------[ cut here ]------------
WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dc
pc : new_curseg+0x5e8/0x6dc
Call trace:
 new_curseg+0x5e8/0x6dc
 f2fs_allocate_data_block+0xa54/0xe28
 do_write_page+0x6c/0x194
 f2fs_do_write_node_page+0x38/0x78
 __write_node_page+0x248/0x6d4
 f2fs_sync_node_pages+0x524/0x72c
 f2fs_write_checkpoint+0x4bc/0x9b0
 __checkpoint_and_complete_reqs+0x80/0x244
 issue_checkpoint_thread+0x8c/0xec
 kthread+0x114/0x1bc
 ret_from_fork+0x10/0x20
get_new_segment() detects an inconsistent status between free_segmap and free_secmap. Let's record such an error in the super block and bail out of get_new_segment() instead of continuing to use the segment.
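The bail-out behaviour described above, as an added user-space model (not the kernel patch and not f2fs code). The struct, function name, map sizes and the use of -EIO as the error code are all assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define SEGS_PER_SEC 4                      /* assumed geometry for the model */
#define NR_SECS      4
#define NR_SEGS      (SEGS_PER_SEC * NR_SECS)

struct free_info {                          /* hypothetical model state */
    bool seg_in_use[NR_SEGS];               /* models free_segmap: true = in use */
    bool sec_in_use[NR_SECS];               /* models free_secmap: true = in use */
    bool error_recorded;                    /* models the error noted in the super block */
};

/* Hand out the first segment of the first free section.
 * Returns 0 and sets *segno on success, -ENOSPC if no section is free,
 * and -EIO (stand-in code) if the two maps disagree; in that case the
 * error is recorded and the segment is NOT handed out. */
int model_get_new_segment(struct free_info *fi, unsigned *segno)
{
    for (unsigned sec = 0; sec < NR_SECS; sec++) {
        if (fi->sec_in_use[sec])
            continue;
        unsigned seg = sec * SEGS_PER_SEC;
        if (fi->seg_in_use[seg]) {
            /* section map says free, segment map says used: bail out */
            fi->error_recorded = true;
            return -EIO;
        }
        fi->seg_in_use[seg] = true;         /* maps agree: claim the segment */
        fi->sec_in_use[sec] = true;
        *segno = seg;
        return 0;
    }
    return -ENOSPC;
}

int main(void)
{
    struct free_info fi = {0};
    unsigned segno = 0;
    fi.seg_in_use[4] = true;                /* constructed corruption in section 1 */
    int rc = model_get_new_segment(&fi, &segno);    /* section 0 is consistent */
    printf("first:  rc=%d segno=%u\n", rc, segno);
    rc = model_get_new_segment(&fi, &segno);        /* section 1 is inconsistent */
    printf("second: rc=%d recorded=%d\n", rc, fi.error_recorded);
    return 0;
}
```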