CVE-2024-38636

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.37

Description The issue arises when the multi-devices feature is enabled in the Linux kernel, specifically with the f2fs file system. In this scenario, the f2fs map blocks() function may return a zero block address in non-primary devices, which is a valid block address. However, the f2fs iomap begin() function treats this as an invalid block address, triggering a warning in the iomap framework code. This warning is caught during the zbd/010 test, which checks for gap zone support with F2FS. The root cause of the issue is the incorrect assumption in f2fs iomap begin() about the physical block address of the whole f2fs file system. To fix this issue, a more direct approach is used, checking the (map.m flags & F2FS MAP MAPPED) condition instead of (map.m pblk != NULL ADDR).

Recommendations To resolve this issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the multi-devices feature in the f2fs file system until the update can be applied.