Wenqing Liu

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 5.17-rc4 through 5.17-rc6 **Description** The issue is related to an array-index-out-of-bounds error in the fs/f2fs/segment.c file. This occurs when mounting and operating a corrupted image, resulting in an out-of-bounds access on the sbi->block count[] array. The root cause is a missed sanity check on curseg->alloc type. **Recommendations** For Linux kernel versions 5.17-rc4 through 5.17-rc6, apply the fix to do a sanity check on curseg->alloc type to prevent the array-index-out-of-bounds error. As a temporary workaround, consider avoiding the use of corrupted images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, which can cause a kernel panic. The issue arises when the `inline dots` flag is set in a special file, such as a character, block, FIFO, or socket file, and the `f2fs` filesystem attempts to recover dot dentries. This can lead to a NULL pointer access when `f2fs add regular entry()` calls `a ops->set dirty page()`. The vulnerability can be triggered by creating a directory, mounting a fuzzed image, and listing the directory contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.15.11 **Description** The issue arises from an out-of-bounds memory access in the ` f2fs setxattr` function in `fs/f2fs/xattr.c` when an inode has an invalid last xattr entry. This can potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Linux kernel versions through 5.15.11, update to a version later than 5.15.11 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.3 **Description** The issue is related to the gc data segment function in the Linux kernel, specifically in fs/f2fs/gc.c. It involves a NULL pointer dereference due to special files not being considered, which can lead to a denial of service. An attacker could potentially exploit this issue to cause a service disruption. **Recommendations** For Linux kernel versions prior to 5.16.3, update to version 5.16.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the gc data segment function in fs/f2fs/gc.c to minimize the risk of exploitation.