From: Greg Kroah-Hartman
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman
Subject: CVE-2022-50013: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
Date: Wed, 18 Jun 2025 13:01:18 +0200
Message-ID: <2025061832-CVE-2022-50013-e8cd@gregkh>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()

As Dipanjan Das reported, syzkaller found an f2fs bug as below:

RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295
Call Trace:
 write_all_xattrs fs/f2fs/xattr.c:487 [inline]
 __f2fs_setxattr+0xe76/0x2e10 fs/f2fs/xattr.c:743
 f2fs_setxattr+0x233/0xab0 fs/f2fs/xattr.c:790
 f2fs_xattr_generic_set+0x133/0x170 fs/f2fs/xattr.c:86
 __vfs_setxattr+0x115/0x180 fs/xattr.c:182
 __vfs_setxattr_noperm+0x125/0x5f0 fs/xattr.c:216
 __vfs_setxattr_locked+0x1cf/0x260 fs/xattr.c:277
 vfs_setxattr+0x13f/0x330 fs/xattr.c:303
 setxattr+0x146/0x160 fs/xattr.c:611
 path_setxattr+0x1a7/0x1d0 fs/xattr.c:630
 __do_sys_lsetxattr fs/xattr.c:653 [inline]
 __se_sys_lsetxattr fs/xattr.c:649 [inline]
 __x64_sys_lsetxattr+0xbd/0x150 fs/xattr.c:649
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x46/0xb0

The NAT entry and NAT bitmap can be inconsistent: e.g. one nid is free in
the NAT bitmap while the blkaddr in its NAT entry is not NULL_ADDR, which
may trigger BUG_ON() in f2fs_new_node_page(). Fix it.

The Linux kernel CVE team has assigned CVE-2022-50013 to this issue.


Affected and fixed versions
===========================

	Fixed in 4.19.256 with commit fbfad62b29e9f8f1c1026a806c9e064ec2a7c342
	Fixed in 5.4.211 with commit 29e734ec33ae4bd7de4018fb0fb0eec808c36b92
	Fixed in 5.10.138 with commit 800ba8979111184d5194f4233cc83afe683efc54
	Fixed in 5.15.63 with commit 5a01e45b925a0bc9718eccd33e5920f1a4e44caf
	Fixed in 5.19.4 with commit 43ce0a0bda2c54dad91d5a1943554eed9e050f55
	Fixed in 6.0 with commit 141170b759e03958f296033bb7001be62d1d363b

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-50013
will be updated if fixes are backported; please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	fs/f2fs/node.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/fbfad62b29e9f8f1c1026a806c9e064ec2a7c342
	https://git.kernel.org/stable/c/29e734ec33ae4bd7de4018fb0fb0eec808c36b92
	https://git.kernel.org/stable/c/800ba8979111184d5194f4233cc83afe683efc54
	https://git.kernel.org/stable/c/5a01e45b925a0bc9718eccd33e5920f1a4e44caf
	https://git.kernel.org/stable/c/43ce0a0bda2c54dad91d5a1943554eed9e050f55
	https://git.kernel.org/stable/c/141170b759e03958f296033bb7001be62d1d363b
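The NAT bitmap vs. NAT entry inconsistency described above, and the defensive change from a kernel-panicking BUG_ON() to an error return plus a "needs fsck" flag, as an added userspace model (not the kernel's f2fs code; nat_t, NAT_SIZE, build_sample() and the sample addresses are constructed for this illustration):

```c
/* Added illustration, not the kernel's code: a userspace model of the NAT
 * bitmap vs. NAT entry consistency check the advisory describes. A nid that
 * is free in the bitmap must have blk_addr == NULL_ADDR; nat_t, the 8-entry
 * layout and build_sample() are constructed for this example. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

#define NULL_ADDR    0u    /* f2fs sentinel for "no block" */
#define EFSCORRUPTED 117   /* Linux EUCLEAN, which f2fs returns for corruption */
#define NAT_SIZE     8

typedef struct {
    uint8_t  free_bitmap;         /* bit i set => nid i is free */
    uint32_t blk_addr[NAT_SIZE];  /* NAT entry per nid */
    bool     need_fsck;           /* stands in for the SBI_NEED_FSCK flag */
} nat_t;

/* Constructed sample: nid 3 is free in the bitmap but its NAT entry still
 * holds a stale block address, the inconsistency syzkaller triggered. */
static void build_sample(nat_t *nat)
{
    memset(nat, 0, sizeof(*nat));
    nat->free_bitmap = 0xFF;
    nat->blk_addr[3] = 0x2a;
}

static bool nid_is_free(const nat_t *nat, unsigned nid)
{
    return nid < NAT_SIZE && ((nat->free_bitmap >> nid) & 1u);
}

/* The pre-fix code asserted the mismatch with f2fs_bug_on(), which panics
 * the kernel. The hardened pattern treats it as on-disk corruption: flag
 * the filesystem for fsck and fail this one operation, nothing more. */
static int new_node_page(nat_t *nat, unsigned nid, uint32_t new_blk)
{
    if (!nid_is_free(nat, nid))
        return -1;                /* nid already allocated: refuse */
    if (nat->blk_addr[nid] != NULL_ADDR) {
        nat->need_fsck = true;    /* record corruption instead of BUG_ON() */
        return -EFSCORRUPTED;
    }
    nat->free_bitmap &= (uint8_t)~(1u << nid);
    nat->blk_addr[nid] = new_blk;
    return 0;
}
```

The point for a defender is that a crafted or damaged image should at worst yield a failed syscall and a flagged filesystem, not a machine-wide panic reachable from an unprivileged setxattr.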