Bug 1221083 (CVE-2023-52588) - VUL-0: CVE-2023-52588: kernel: f2fs: fix to tag gcing flag on page during block migration
Status: RESOLVED FIXED
Alias: CVE-2023-52588
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/396445/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52588:3.3:(AV:...
Reported: 2024-03-06 16:17 UTC by SMASH SMASH
Modified: 2024-04-17 09:00 UTC
Found By: Security Response Team
Description SMASH SMASH 2024-03-06 16:17:08 UTC
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to tag gcing flag on page during block migration

It needs to add missing gcing flag on page during block migration,
in order to guarantee migrated data be persisted during checkpoint,
otherwise out-of-order persistency between data and node may cause
data corruption after SPOR.

Similar issue was fixed by commit 2d1fe8a86bf5 ("f2fs: fix to tag
gcing flag on page during file defragment").

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52588
https://www.cve.org/CVERecord?id=CVE-2023-52588
https://lore.kernel.org/linux-cve-announce/2024030644-CVE-2023-52588-619a@gregkh/

Patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4961acdd65c9
Comment 1 Andrea Mattiazzo 2024-03-06 16:22:11 UTC
Already patched:
-stable

Tracking as affected:
-cve/linux-5.14
-SLE15-SP6

@kernel-bugs could you please add the CVE reference?
Comment 2 Anthony Iliopoulos 2024-03-06 16:22:49 UTC
We don't support f2fs at all in SLE.

product          affected
SLE12-SP2-LTSS   N
SLE12-SP3-LTSS   N
SLE12-SP4-LTSS   N
SLE12-SP5        N
SLE15-SP1-LTSS   N
SLE15-SP2-LTSS   N
SLE15-SP3-LTSS   N
SLE15-SP4-LTSS   N
SLE15-SP5        N
SLE15-SP6        N

origin/SLE12-SP2-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE12-SP3-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE12-SP4-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE12-SP5:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE15-SP1-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE15-SP2-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE15-SP3-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE15-SP4-LTSS:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE15-SP5:config/x86_64/default:# CONFIG_F2FS_FS is not set
origin/SLE15-SP6:config/x86_64/default:# CONFIG_F2FS_FS is not set
Comment 3 Andrea Mattiazzo 2024-03-06 16:23:32 UTC
(In reply to Andrea Mattiazzo from comment #1)
> Already patched:
> -stable
> 
> Tracking as affected:
> -cve/linux-5.14
> -SLE15-SP6
> 
> @kernel-bugs could you please add the CVE reference?

Just realized that cve/linux-5.14 and SLE15-SP6 don't have the CONFIG_F2FS_FS_COMPRESSION flag set, so they are not affected.
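
The config check that comments 2 and 3 rely on, as an added example that is not part of the original bug report: it reports the state of CONFIG_F2FS_FS and CONFIG_F2FS_FS_COMPRESSION in a kernel config file. The function names and the sample config files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): report the state of the two Kconfig
# symbols named in this thread for a given kernel config file.

# kconfig_state FILE SYMBOL -> y | m | n ("is not set") | absent | other
kconfig_state() {
    local file=$1 sym=$2 line
    # Anchor the match so CONFIG_F2FS_FS does not also hit
    # CONFIG_F2FS_FS_COMPRESSION; the last matching line wins.
    line=$(grep -E "^(${sym}=|# ${sym} is not set\$)" "$file" | tail -n 1) || true
    case $line in
        "${sym}=y") echo y ;;
        "${sym}=m") echo m ;;
        "# ${sym} is not set") echo n ;;
        "") echo absent ;;
        *) echo other ;;
    esac
}

# f2fs_triage FILE -> one summary line; the verdict only says whether f2fs
# code is compiled at all, which is the argument made in comment 2.
f2fs_triage() {
    local fs comp verdict
    fs=$(kconfig_state "$1" CONFIG_F2FS_FS)
    comp=$(kconfig_state "$1" CONFIG_F2FS_FS_COMPRESSION)
    case $fs in
        y|m) verdict=f2fs-built ;;
        *)   verdict=f2fs-not-built ;;
    esac
    echo "f2fs=$fs compression=$comp verdict=$verdict"
}

# Constructed sample configs (not real SUSE config files).
SAMPLES=$(mktemp -d)
printf '%s\n' 'CONFIG_EXT4_FS=y' '# CONFIG_F2FS_FS is not set' > "$SAMPLES/no-f2fs"
printf '%s\n' 'CONFIG_F2FS_FS=m' '# CONFIG_F2FS_FS_COMPRESSION is not set' > "$SAMPLES/f2fs-plain"
printf '%s\n' 'CONFIG_F2FS_FS=y' 'CONFIG_F2FS_FS_COMPRESSION=y' > "$SAMPLES/f2fs-comp"

for cfg in "$SAMPLES"/*; do
    printf '%s: %s\n' "${cfg##*/}" "$(f2fs_triage "$cfg")"
done
```

When CONFIG_F2FS_FS is not set, dependent symbols such as CONFIG_F2FS_FS_COMPRESSION are normally omitted from the config entirely, which is why the first sample reports compression=absent.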
Comment 4 Oscar Salvador 2024-04-16 05:03:36 UTC
Not supported by SUSE.
Back to sec-team.