CVE-2024-27032
Published: May 2, 2024Last modified: May 2, 2024
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let's change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.3 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.89-r0) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58
- https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c
- https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1
- https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67
- https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0