CVE-2022-50013

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() As Dipanjan Das <[email protected]> reported, syzkaller found a f2fs bug as below: RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295 Call Trace: write_all_xattrs fs/f2fs/xattr.c:487 [inline] __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743 f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790 f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86 __vfs_setxattr+0x115/0x180 fs/xattr.c:182 __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216 __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277 vfs_setxattr+0x13f/0x330 fs/xattr.c:303 setxattr+0x146/0x160 fs/xattr.c:611 path_setxattr+0x1a7/0x1d0 fs/xattr.c:630 __do_sys_lsetxattr fs/xattr.c:653 [inline] __se_sys_lsetxattr fs/xattr.c:649 [inline] __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 NAT entry and nat bitmap can be inconsistent, e.g. one nid is free in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it may trigger BUG_ON() in f2fs_new_node_page(), fix it.

CVSS Score

Affected Products

References

• https://git.kernel.org/stable/c/141170b759e03958f296033bb7001be62d1d363bPatch
• https://git.kernel.org/stable/c/29e734ec33ae4bd7de4018fb0fb0eec808c36b92Patch
• https://git.kernel.org/stable/c/43ce0a0bda2c54dad91d5a1943554eed9e050f55Patch
• https://git.kernel.org/stable/c/5a01e45b925a0bc9718eccd33e5920f1a4e44cafPatch
• https://git.kernel.org/stable/c/800ba8979111184d5194f4233cc83afe683efc54Patch
• https://git.kernel.org/stable/c/fbfad62b29e9f8f1c1026a806c9e064ec2a7c342Patch