CVE-2022-50013

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()<br /> <br /> As Dipanjan Das reported, syzkaller<br /> found a f2fs bug as below:<br /> <br /> RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295<br /> Call Trace:<br /> write_all_xattrs fs/f2fs/xattr.c:487 [inline]<br /> __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743<br /> f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790<br /> f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86<br /> __vfs_setxattr+0x115/0x180 fs/xattr.c:182<br /> __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216<br /> __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277<br /> vfs_setxattr+0x13f/0x330 fs/xattr.c:303<br /> setxattr+0x146/0x160 fs/xattr.c:611<br /> path_setxattr+0x1a7/0x1d0 fs/xattr.c:630<br /> __do_sys_lsetxattr fs/xattr.c:653 [inline]<br /> __se_sys_lsetxattr fs/xattr.c:649 [inline]<br /> __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649<br /> do_syscall_x64 arch/x86/entry/common.c:50 [inline]<br /> do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80<br /> entry_SYSCALL_64_after_hwframe+0x46/0xb0<br /> <br /> NAT entry and nat bitmap can be inconsistent, e.g. one nid is free<br /> in nat bitmap, and blkaddr in its NAT entry is not NULL_ADDR, it<br /> may trigger BUG_ON() in f2fs_new_node_page(), fix it.