// For flags

CVE-2022-49363

f2fs: fix to do sanity check on block address in f2fs_do_zero_range()

Time Line
Published
2024-03-19
Updated
2024-03-19
Firt exploit
2024-03-19
Overview
Descriptions (1)
MITRE
CWE (0)
CAPEC (-)
Risk
CVSS Score
-
SSVC
-
KEV
-
EPSS
Affected Products (-)
Vendors (1)
linux
Products (1)
linux_kernel
Versions (6)
< 5.4.198, < 5.10.121, < 5.15.46, < 5.17.14, < 5.18.3, < 5.19
Intel Resources (-)
Advisories (-)
-
Exploits (-)
-
Plugins (-)
-
References (6)
General (-)
Exploits & POcs (-)
Patches (6)
kernel
Advisories (-)
Summary
Descriptions

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on block address in f2fs_do_zero_range() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215894 I have encountered a bug in F2FS file system in kernel v5.17. I have uploaded the system call sequence as case.c, and a fuzzed image can
be found in google net disk The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can
reproduce the bug by running the following commands: kernel BUG at fs/f2fs/segment.c:2291!
Call Trace: f2fs_invalidate_blocks+0x193/0x2d0 f2fs_fallocate+0x2593/0x4a70 vfs_fallocate+0x2a5/0xac0 ksys_fallocate+0x35/0x70 __x64_sys_fallocate+0x8e/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae The root cause is, after image was fuzzed, block mapping info in inode
will be inconsistent with SIT table, so in f2fs_fallocate(), it will cause
panic when updating SIT with invalid blkaddr. Let's fix the issue by adding sanity check on block address before updating
SIT table with it.

*Credits: N/A
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2025-02-26 CVE Reserved
  • 2025-02-26 CVE Published
  • 2025-02-26 CVE Updated
  • ---------- EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Threat Intelligence Resources (0)
Security Advisory details:

Select an advisory to view details here.

Select an exploit to view details here.

Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.4.198
Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.198"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.10.121
Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.121"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.15.46
Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.46"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.17.14
Search vendor "Linux" for product "Linux Kernel" and version " < 5.17.14"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.18.3
Search vendor "Linux" for product "Linux Kernel" and version " < 5.18.3"
en
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 5.19
Search vendor "Linux" for product "Linux Kernel" and version " < 5.19"
en
Affected