PT-2024-33728 · Linux+2 · Linux Kernel+2

Syzbot · Published 2024-09-10 · Updated 2026-04-20 · CVE-2024-49887

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11.0-rc6-syzkaller-00363-g89f5e14d05b4
Description: A vulnerability in the f2fs filesystem of the Linux kernel has been resolved. When a no free segment fault is injected into f2fs, the system panics; it should not panic when this fault is injected. The vulnerability is related to the get_new_segment function and the new_curseg function, both in fs/f2fs/segment.c. The estimated number of potentially affected devices is not specified.
Recommendations: To resolve the issue, update the Linux kernel to a version newer than 6.11.0-rc6-syzkaller-00363-g89f5e14d05b4. As a temporary workaround, consider disabling the f2fs filesystem until a patch is available. Restrict access to the vulnerable f2fs module to minimize the risk of exploitation. Avoid using the f2fs fallocate function in the affected kernel version until the issue is resolved.

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

BDU:2025-13851
CVE-2024-49887
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu