Bugzilla – Bug 1223701
VUL-0: CVE-2024-27032: kernel: f2fs: fix to avoid potential panic during recovery
Last modified: 2024-05-02 11:04:18 UTC
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let's change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-27032 https://www.cve.org/CVERecord?id=CVE-2024-27032 https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58 https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1 https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67 https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0 https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-27032.mbox https://bugzilla.redhat.com/show_bug.cgi?id=2278469
We don't enable f2fs on any branch, so we are not affected. Closing.