7.1

CVE-2023-52682

f2fs: fix to wait on block writeback for post_read case

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to wait on block writeback for post_read case

If inode is compressed, but not encrypted, it missed to call
f2fs_wait_on_block_writeback() to wait for GCed page writeback
in IPU write path.

Thread A				GC-Thread
					- f2fs_gc
					 - do_garbage_collect
					  - gc_data_segment
					   - move_data_block
					    - f2fs_submit_page_write
					     migrate normal cluster's block via
					     meta_inode's page cache
- f2fs_write_single_data_page
 - f2fs_do_write_data_page
  - f2fs_inplace_write_data
   - f2fs_submit_page_bio

IRQ
- f2fs_read_end_io
					IRQ
					old data overrides new data due to
					out-of-order GC and common IO.
					- f2fs_read_end_io
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.6 < 6.1.75
LinuxLinux Kernel Version >= 6.2 < 6.6.14
LinuxLinux Kernel Version >= 6.7 < 6.7.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.136
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/4535be48780431753505e74e1b1ad4836a189bc2
Patch
https://git.kernel.org/stable/c/55fdc1c24a1d6229fe0ecf31335fb9a2eceaaa00
Patch
https://git.kernel.org/stable/c/9bfd5ea71521d0e522ba581c6ccc5db93759c0c3
Patch
https://git.kernel.org/stable/c/f904c156d8011d8291ffd5b6b398f3747e294986
Patch
https://git.kernel.org/stable/c/2bfe8fdb674f71747553a65f2ef27e14c8880655