PT-2025-8314 · Linux+1 · Linux Kernel+1

Ming Yan · Published 2025-02-26 · Updated 2025-03-02 · CVE-2022-49380

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel version 5.17

Description

A bug in the F2FS file system has been identified, which can cause the kernel to panic when the dec_valid_node_count() function is called. The issue occurs when the .total_valid_block_count or .total_valid_node_count values are fuzzed to zero. This bug can be reproduced by running specific commands and is evident in the kernel message. The root cause of the issue is related to the f2fs_bug_on() function in dec_valid_node_count().

Recommendations

For Linux kernel version 5.17, apply the patch that fixes the issue by printing warning information and setting SBI_NEED_FSCK into CP instead of panicking.

Related Identifiers

CVE-2022-49380

Affected Products

Astra Linux
Linux Kernel