CVE-2022-49361

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 26/02/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check for inline inode

Yanming reported a kernel bug in Bugzilla kernel [1], which can be reproduced. The bug message is:

The kernel message is shown below:

    kernel BUG at fs/inode.c:611!
    Call Trace:
     evict+0x282/0x4e0
     __dentry_kill+0x2b2/0x4d0
     dput+0x2dd/0x720
     do_renameat2+0x596/0x970
     __x64_sys_rename+0x78/0x90
     do_syscall_64+0x3b/0x90

[1] https://bugzilla.kernel.org/show_bug.cgi?id=215895

The bug is due to a fuzzed inode having both the inline_data and encrypted flags. During f2fs_evict_inode(), as the inode was deleted by rename(), it will cause inline data conversion due to the conflicting flags. The page cache will be polluted and the panic will be triggered in clear_inode().

Try fixing the bug by doing more sanity checks for inline data inode in sanity_check_inode().

Impact