CVE-2023-52682

f2fs: fix to wait on block writeback for post_read case

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to wait on block writeback for post_read case

If inode is compressed, but not encrypted, it missed to call
f2fs_wait_on_block_writeback() to wait for GCed page writeback
in IPU write path.

Thread A GC-Thread
- f2fs_gc
- do_garbage_collect
- gc_data_segment
- move_data_block
- f2fs_submit_page_write
migrate normal cluster's block via
meta_inode's page cache
- f2fs_write_single_data_page
- f2fs_do_write_data_page
- f2fs_inplace_write_data
- f2fs_submit_page_bio

IRQ
- f2fs_read_end_io
IRQ
old data overrides new data due to
out-of-order GC and common IO.
- f2fs_read_end_io

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: f2fs: corrección para esperar en la reescritura del bloque para el caso post_read. Si el inodo está comprimido, pero no encriptado, no llamó a f2fs_wait_on_block_writeback() para esperar la reescritura de la página GCed en la ruta de escritura de la IPU. Subproceso A GC-Thread - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_block - f2fs_submit_page_write migra el bloque del clúster normal a través del caché de página de meta_inode - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_submit_page_bio IRQ - fs_read_end_io Los datos antiguos de IRQ anulan los datos nuevos debido a GC desordenado y común OÍ. - f2fs_read_end_io

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-07 CVE Reserved
2024-05-17 CVE Published
2024-05-18 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/4c8ff7095bef64fc47e996a938f7d57f9e077da3	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3	2024-01-25
https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2	2024-01-25
https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986	2024-01-25
https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00	2023-12-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.1.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.1.75"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.6.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.6.14"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.7.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.7.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.6 < 6.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.6 < 6.8"		en		Affected