7.8

CVE-2023-52444

f2fs: fix to avoid dirent corruption

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid dirent corruption

As Al reported in link[1]:

f2fs_rename()
...
	if (old_dir != new_dir && !whiteout)
		f2fs_set_link(old_inode, old_dir_entry,
					old_dir_page, new_dir);
	else
		f2fs_put_page(old_dir_page, 0);

You want correct inumber in the ".." link.  And cross-directory
rename does move the source to new parent, even if you'd been asked
to leave a whiteout in the old place.

[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/

With below testcase, it may cause dirent corruption, due to it missed
to call f2fs_set_link() to update ".." link to new directory.
- mkdir -p dir/foo
- renameat2 -w dir/foo bar

[ASSERT] (__chk_dots_dentries:1421)  --> Bad inode number[0x4] for '..', parent parent ino is [0x3]
[FSCK] other corrupted bugs                           [Fail]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.2.0 < 4.19.306
LinuxLinux Kernel Version >= 4.20 < 5.4.268
LinuxLinux Kernel Version >= 5.5.0 < 5.10.209
LinuxLinux Kernel Version >= 5.11.0 < 5.15.148
LinuxLinux Kernel Version >= 5.16.0 < 6.1.75
LinuxLinux Kernel Version >= 6.2.0 < 6.6.14
LinuxLinux Kernel Version >= 6.7.0 < 6.7.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.154
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46
Patch
https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862
Patch
https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28
Patch
https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024
Patch
https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310
Patch
https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728
Patch
https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7
Patch
https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77
Patch