CVE-2022-49363

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to do sanity check on block address in f2fs_do_zero_range()<br /> <br /> As Yanming reported in bugzilla:<br /> <br /> https://bugzilla.kernel.org/show_bug.cgi?id=215894<br /> <br /> I have encountered a bug in F2FS file system in kernel v5.17.<br /> <br /> I have uploaded the system call sequence as case.c, and a fuzzed image can<br /> be found in google net disk<br /> <br /> The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can<br /> reproduce the bug by running the following commands:<br /> <br /> kernel BUG at fs/f2fs/segment.c:2291!<br /> Call Trace:<br /> f2fs_invalidate_blocks+0x193/0x2d0<br /> f2fs_fallocate+0x2593/0x4a70<br /> vfs_fallocate+0x2a5/0xac0<br /> ksys_fallocate+0x35/0x70<br /> __x64_sys_fallocate+0x8e/0xf0<br /> do_syscall_64+0x3b/0x90<br /> entry_SYSCALL_64_after_hwframe+0x44/0xae<br /> <br /> The root cause is, after image was fuzzed, block mapping info in inode<br /> will be inconsistent with SIT table, so in f2fs_fallocate(), it will cause<br /> panic when updating SIT with invalid blkaddr.<br /> <br /> Let&amp;#39;s fix the issue by adding sanity check on block address before updating<br /> SIT table with it.