In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to drop meta_inode’s page cache in f2fs_put_super()

syzbot reports a kernel bug as below:

    F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1
    kernel BUG at fs/f2fs/super.c:1639!
    CPU: 0 PID: 15451 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-09338-ge0152e7481c6 #0
    RIP: 0010:f2fs_put_super+0xce1/0xed0 fs/f2fs/super.c:1639
    Call Trace:
     generic_shutdown_super+0x161/0x3c0 fs/super.c:693
     kill_block_super+0x3b/0x70 fs/super.c:1646
     kill_f2fs_super+0x2b7/0x3d0 fs/f2fs/super.c:4879
     deactivate_locked_super+0x9a/0x170 fs/super.c:481
     deactivate_super+0xde/0x100 fs/super.c:514
     cleanup_mnt+0x222/0x3d0 fs/namespace.c:1254
     task_work_run+0x14d/0x240 kernel/task_work.c:179
     resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
     exit_to_user_mode_loop kernel/entry/common.c:171 [inline]
     exit_to_user_mode_prepare+0x210/0x240 kernel/entry/common.c:204
     __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
     syscall_exit_to_user_mode+0x1d/0x60 kernel/entry/common.c:296
     do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
     entry_SYSCALL_64_after_hwframe+0x63/0xcd

In f2fs_put_super(), it tries to do a sanity check on the dirty and IO reference counts of f2fs; once there is any reference count leak, it will trigger a panic.

The root cause is that, during f2fs_put_super(), if there is any IO error in f2fs_wait_on_all_pages(), we miss truncating meta_inode’s page cache later, resulting in a panic. Fix this case.
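
A log-triage sketch for the crash signature quoted above, added here as an example and not part of the advisory or the kernel fix: it scans dmesg-style lines for the f2fs leak warning and checks whether the BUG in f2fs_put_super() follows. The function name, the five-line window and the sample lines (timestamps and the sdb1/EXT4 entries) are assumptions constructed for illustration.

```python
import re

# Patterns taken from the syzbot report quoted in the advisory. Line numbers in
# fs/f2fs/super.c differ between kernel builds, so only the file is matched.
LEAK = re.compile(
    r"F2FS-fs \((?P<dev>[^)]+)\): detect filesystem reference count leak "
    r"during umount, type: (?P<type>\d+), count: (?P<count>-?\d+)")
BUG = re.compile(r"kernel BUG at fs/f2fs/super\.c:\d+!")
RIP = re.compile(r"RIP: [0-9a-f]{4}:f2fs_put_super\+0x[0-9a-f]+/0x[0-9a-f]+")
PREFIX = re.compile(r"^(?:<\d+>)?\s*\[\s*\d+\.\d+\]\s*")  # optional dmesg timestamp


def find_f2fs_umount_bugs(lines, window=5):
    """Return one finding per leak warning; 'panicked' is True when a BUG in
    fs/f2fs/super.c and a RIP in f2fs_put_super follow within `window` lines."""
    msgs = [PREFIX.sub("", ln.rstrip("\n")) for ln in lines]
    findings = []
    for i, msg in enumerate(msgs):
        m = LEAK.search(msg)
        if not m:
            continue
        tail = msgs[i + 1:i + 1 + window]
        hit = any(BUG.search(t) for t in tail) and any(RIP.search(t) for t in tail)
        findings.append({"line": i + 1, "device": m["dev"],
                         "type": int(m["type"]), "count": int(m["count"]),
                         "panicked": hit})
    return findings


# Constructed sample: the first four lines repeat the report above with made-up
# timestamps; the last two are made-up entries with no BUG following the warning.
SAMPLE = """\
[  812.104233] F2FS-fs (loop1): detect filesystem reference count leak during umount, type: 10, count: 1
[  812.104871] kernel BUG at fs/f2fs/super.c:1639!
[  812.105410] CPU: 0 PID: 15451 Comm: syz-executor.1 Not tainted 6.5.0-syzkaller-09338-ge0152e7481c6 #0
[  812.106002] RIP: 0010:f2fs_put_super+0xce1/0xed0 fs/f2fs/super.c:1639
[  930.000117] F2FS-fs (sdb1): detect filesystem reference count leak during umount, type: 4, count: 2
[  930.000534] EXT4-fs (sda2): mounted filesystem
""".splitlines()

if __name__ == "__main__":
    for finding in find_f2fs_umount_bugs(SAMPLE):
        print(finding)
```

A warning reported with `panicked` set to False still records the reference count leak on that device and is worth following up.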

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-gcp-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-nvidia-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-oracle-6.5 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-starfive-6.5 | < any | UNKNOWN |
git.kernel.org/linus/a4639380bbe66172df329f8b54aa7d2e943f0f64 (6.7-rc1)
git.kernel.org/stable/c/10b2a6c0dade67b5a2b2d17fb75c457ea1985fad
git.kernel.org/stable/c/a4639380bbe66172df329f8b54aa7d2e943f0f64
git.kernel.org/stable/c/eb42e1862aa7934c2c21890097ce4993c5e0d192
launchpad.net/bugs/cve/CVE-2023-52848
nvd.nist.gov/vuln/detail/CVE-2023-52848
security-tracker.debian.org/tracker/CVE-2023-52848
www.cve.org/CVERecord?id=CVE-2023-52848