PT-2025-35350 · Linux · Linux Kernel

Jiaming Zhang · Published 2025-08-30 · Updated 2025-08-30 · CVE-2025-38677

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

A flaw exists in the Linux kernel's f2fs implementation: an out-of-bounds access in dnode pages. The issue stems from a corrupted image in which a dnode shares a node ID with its inode. In `f2fs_get_dnode_of_data()`, the kernel attempts to read a block address from the dnode at an offset, but the dnode is parsed as an inode node, so the address calculation is invalid: a 4-byte access at 360 + 934 * 4 = 4096. The root cause is the lack of a sanity check on the node IDs of direct nodes in `f2fs_get_dnode_of_data()`.
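The offset arithmetic from the description and the missing node-ID check, as a user-space C model added here; it is not kernel code and not the upstream fix. The struct, the function names, the `nid == ino` layout rule and the dnode base offset of 0 are assumptions of the model; 360, 934, 4 and 4096 come from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_SIZE      4096u /* node block size, per the page's arithmetic */
#define INODE_ADDR_BASE 360u  /* address-array offset under inode parsing (from the page) */
#define DNODE_ADDR_BASE 0u    /* assumption: dnode address array starts at byte 0 */
#define ADDR_SIZE       4u    /* one block address is 4 bytes */

/* Simplified, hypothetical model of a node block and the ids that identify it. */
struct node_blk {
    uint32_t nid;             /* this node's id */
    uint32_t ino;             /* id of the owning inode */
    uint8_t  data[BLOCK_SIZE];
};

/* Model assumption: a block is parsed with the inode layout when nid == ino. */
static uint32_t addr_offset(const struct node_blk *n, uint32_t ofs)
{
    uint32_t base = (n->nid == n->ino) ? INODE_ADDR_BASE : DNODE_ADDR_BASE;
    return base + ofs * ADDR_SIZE;
}

/* Hardened read of slot `ofs` from a direct node: 0 on success, -1 if rejected. */
static int read_dnode_addr(const struct node_blk *n, uint32_t ofs, uint32_t *out)
{
    if (n->nid == n->ino)                 /* sanity check: dnode shares the inode's id */
        return -1;
    if (ofs >= BLOCK_SIZE / ADDR_SIZE)    /* also keeps the multiplication from wrapping */
        return -1;
    uint32_t off = addr_offset(n, ofs);
    if (off > BLOCK_SIZE - ADDR_SIZE)     /* defence in depth: stay inside the block */
        return -1;
    memcpy(out, n->data + off, ADDR_SIZE);
    return 0;
}

int main(void)
{
    static struct node_blk bad = { .nid = 5, .ino = 5 };  /* constructed corrupt node */
    static struct node_blk ok  = { .nid = 6, .ino = 5 };  /* constructed valid dnode */
    uint32_t v = 0;
    printf("corrupt: offset %u, read rc %d\n", addr_offset(&bad, 934), read_dnode_addr(&bad, 934, &v));
    printf("valid:   offset %u, read rc %d\n", addr_offset(&ok, 934), read_dnode_addr(&ok, 934, &v));
    return 0;
}
```

In the model, the corrupt node yields offset 4096, one byte past the last valid index of the block, and is rejected by the ID check before any offset is computed.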

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-38677

Affected Products

Linux Kernel