PT-2024-36870 · Linux+3 · Linux Kernel+3

Piergiorgio Sartor · Published 2024-11-23 · Updated 2026-05-26 · CVE-2024-56565

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.6.74

Description

A vulnerability in the Linux kernel has been resolved, related to the f2fs file system. The issue occurs when creating a snapshot on an LVM device, which updates discard_max_bytes to zero, causing a panic when __submit_discard_cmd() is called. The root cause is that __submit_discard_cmd() passes a zero value to __blkdev_issue_discard(), resulting in a NULL bio pointer. The vulnerability can be reproduced with a specific test case involving the creation of an LVM device, mounting an f2fs file system, and creating a snapshot.

Recommendations

For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the creation of snapshots on LVM devices to minimize the risk of exploitation. Restrict access to the f2fs file system to prevent potential attacks. Avoid using the __submit_discard_cmd() function until the issue is resolved.

Weakness Enumeration

Improper Resource Release

Related Identifiers

BDU:2026-04525
CVE-2024-56565
ECHO-0E0B-3A4D-0CED
MGASA-2025-0030
MGASA-2025-0032
USN-7379-1
USN-7379-2
USN-7380-1
USN-7381-1
USN-7382-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu