CVE-2024-56692

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/12/2024
Last modified:
28/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on node blkaddr in truncate_node()

syzbot reports a f2fs bug as below:

------------[ cut here ]------------
kernel BUG at fs/f2fs/segment.c:2534!
RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534
Call Trace:
 truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909
 f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288
 f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856
 evict+0x4e8/0x9b0 fs/inode.c:723
 f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986
 f2fs_create+0x357/0x530 fs/f2fs/namei.c:394
 lookup_open fs/namei.c:3595 [inline]
 open_last_lookups fs/namei.c:3694 [inline]
 path_openat+0x1c03/0x3590 fs/namei.c:3930
 do_filp_open+0x235/0x490 fs/namei.c:3960
 do_sys_openat2+0x13e/0x1d0 fs/open.c:1415
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x247/0x2a0 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534

The root cause is: on a fuzzed image, blkaddr in nat entry may be
corrupted, then it will cause system panic when using it in
f2fs_invalidate_blocks(), to avoid this, let's add sanity check on
nat blkaddr in truncate_node().
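
The check described above, modelled in userspace C as an added example (not the kernel patch and not code from this advisory). Every identifier, the error value 117 and the block range are assumptions of the model. It contrasts handing a block address from on-disk metadata straight to the release path with validating it first and returning an error.

```c
#include <stdint.h>
#include <stdio.h>
/* Userspace model only: every identifier and constant here is hypothetical. */
#define MODEL_NEW_ADDR   0xFFFFFFFFu /* reserved, nothing on disk to release */
#define MODEL_ECORRUPTED 117         /* constructed "filesystem corrupted" code */
#define MODEL_WOULD_BUG  (-1)        /* marks where the kernel would hit BUG */

struct model_fs {
    uint32_t main_start;   /* first block of the usable area */
    uint32_t max_blk;      /* one past the last usable block */
    int corrupt_seen;      /* model bookkeeping: corrupt metadata detected */
    unsigned invalidated;  /* blocks actually released */
};

/* Range check for an address read from on-disk metadata. */
static int model_blkaddr_valid(const struct model_fs *fs, uint32_t addr) {
    return addr >= fs->main_start && addr < fs->max_blk;
}

/* Release path: trusts its caller, so a bad address is fatal here. */
static int model_invalidate(struct model_fs *fs, uint32_t addr) {
    if (addr == MODEL_NEW_ADDR)
        return 0;
    if (!model_blkaddr_valid(fs, addr))
        return MODEL_WOULD_BUG;
    fs->invalidated++;
    return 0;
}

/* Before: the metadata address reaches the release path unchecked. */
static int model_truncate_unchecked(struct model_fs *fs, uint32_t nat_addr) {
    return model_invalidate(fs, nat_addr);
}

/* After: a corrupted address is rejected with an error the caller can handle. */
static int model_truncate_checked(struct model_fs *fs, uint32_t nat_addr) {
    if (nat_addr != MODEL_NEW_ADDR && !model_blkaddr_valid(fs, nat_addr)) {
        fs->corrupt_seen = 1;
        return -MODEL_ECORRUPTED;
    }
    return model_invalidate(fs, nat_addr);
}

int main(void) {
    struct model_fs fs = { 512, 4096, 0, 0 };  /* constructed layout */
    printf("unchecked=%d\n", model_truncate_unchecked(&fs, 0x7FFFFFFFu));
    printf("checked=%d\n", model_truncate_checked(&fs, 0x7FFFFFFFu));
    return 0;
}
```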

Impact