CVE-2024-26871

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix NULL pointer dereference in f2fs_submit_page_write()<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000014<br /> RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs]<br /> Call Trace:<br /> <br /> ? show_regs+0x6e/0x80<br /> ? __die+0x29/0x70<br /> ? page_fault_oops+0x154/0x4a0<br /> ? prb_read_valid+0x20/0x30<br /> ? __irq_work_queue_local+0x39/0xd0<br /> ? irq_work_queue+0x36/0x70<br /> ? do_user_addr_fault+0x314/0x6c0<br /> ? exc_page_fault+0x7d/0x190<br /> ? asm_exc_page_fault+0x2b/0x30<br /> ? f2fs_submit_page_write+0x6cf/0x780 [f2fs]<br /> ? f2fs_submit_page_write+0x736/0x780 [f2fs]<br /> do_write_page+0x50/0x170 [f2fs]<br /> f2fs_outplace_write_data+0x61/0xb0 [f2fs]<br /> f2fs_do_write_data_page+0x3f8/0x660 [f2fs]<br /> f2fs_write_single_data_page+0x5bb/0x7a0 [f2fs]<br /> f2fs_write_cache_pages+0x3da/0xbe0 [f2fs]<br /> ...<br /> It is possible that other threads have added this fio to io-&gt;bio<br /> and submitted the io-&gt;bio before entering f2fs_submit_page_write().<br /> At this point io-&gt;bio = NULL.<br /> If is_end_zone_blkaddr(sbi, fio-&gt;new_blkaddr) of this fio is true,<br /> then an NULL pointer dereference error occurs at bio_get(io-&gt;bio).<br /> The original code for determining zone end was after "out:",<br /> which would have missed some fio who is zone end. I&amp;#39;ve moved<br /> this code before "skip:" to make sure it&amp;#39;s done for each fio.