CVE-2024-53221 Information

Dec 28, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

f2fs: fix null-ptr-deref in f2fs_submit_page_bio()

There’s issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Call Trace: f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] validate_checkpoint+0xac/0x290 [f2fs] f2fs_get_valid_checkpoint+0x207/0x950 [f2fs] f2fs_fill_super+0x1007/0x39b0 [f2fs] mount_bdev+0x183/0x250 legacy_get_tree+0xf4/0x1e0 vfs_get_tree+0x88/0x340 do_new_mount+0x283/0x5e0 path_mount+0x2b2/0x15b0 __x64_sys_mount+0x1fe/0x270 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Above issue happens as the biset of the f2fs file system is not initialized before register 2fs_fs_type. To address above issue just register 2fs_fs_type\ at the last in init_f2fs_fs(). Ensure that all f2fs file system resources are initialized.

Reference

https://git.kernel.org/stable/c/32f5e291b7677495f98246eec573767430321c08 https://git.kernel.org/stable/c/9e11b1d5fda972f6be60ab732976a7c8e064cd56 https://git.kernel.org/stable/c/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa

Share on: