CVE-2022-49380

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/02/2025
Last modified: 21/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()

As Yanming reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215897

I have encountered a bug in F2FS file system in kernel v5.17.

The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands:

The kernel message is shown below:

kernel BUG at fs/f2fs/f2fs.h:2511!
Call Trace:
f2fs_remove_inode_page+0x2a2/0x830
f2fs_evict_inode+0x9b7/0x1510
evict+0x282/0x4e0
do_unlinkat+0x33a/0x540
__x64_sys_unlinkat+0x8e/0xd0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae

The root cause is: .total_valid_block_count or .total_valid_node_count could be fuzzed to zero, then once dec_valid_node_count() was called, it will cause BUG_ON(). This patch fixes it to print warning info and set SBI_NEED_FSCK into CP instead of panic.
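The guard described in the root-cause paragraph, as an added user-space C model; it is not the kernel patch and not code from this advisory. `struct sbi_model` and both function names are assumptions made for illustration; only the two counters and the SBI_NEED_FSCK flag come from the description.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the f2fs superblock info (hypothetical type):
 * only the two counters named in the description and a flag that models
 * SBI_NEED_FSCK being set. */
struct sbi_model {
    uint32_t total_valid_block_count;
    uint32_t total_valid_node_count;
    bool need_fsck;
};

/* Pre-fix condition: with either counter at zero, the decrement path ran
 * into the assertion (BUG_ON) and the kernel stopped. */
static bool would_hit_bug_on(const struct sbi_model *sbi)
{
    return sbi->total_valid_block_count == 0 ||
           sbi->total_valid_node_count == 0;
}

/* Post-fix behaviour as the description states it: warn, mark the file
 * system as needing fsck, and leave the counters alone so they cannot
 * wrap below zero. Returns true only when a decrement happened. */
static bool dec_valid_node_count_checked(struct sbi_model *sbi)
{
    if (would_hit_bug_on(sbi)) {
        fprintf(stderr, "warning: inconsistent counts, block:%u node:%u\n",
                (unsigned)sbi->total_valid_block_count,
                (unsigned)sbi->total_valid_node_count);
        sbi->need_fsck = true;
        return false;
    }
    sbi->total_valid_block_count--;
    sbi->total_valid_node_count--;
    return true;
}

int main(void)
{
    /* Constructed sample: counters as a corrupted image could leave them. */
    struct sbi_model corrupted = { 7, 0, false };
    struct sbi_model healthy = { 7, 3, false };

    printf("corrupted: decremented=%d need_fsck=%d\n",
           dec_valid_node_count_checked(&corrupted), corrupted.need_fsck);
    printf("healthy:   decremented=%d need_fsck=%d\n",
           dec_valid_node_count_checked(&healthy), healthy.need_fsck);
    return 0;
}
```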

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.8 (including) | 5.4.198 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.121 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.46 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.17.14 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.18 (including) | 5.18.3 (excluding) |