PT-2025-8098 · Linux+1 · Linux Kernel+1
Wenqing Liu · Published 2022-03-03 · Updated 2025-03-03 · CVE-2022-49170
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 5.17-rc4 through 5.17-rc6
Description
The issue is related to an array-index-out-of-bounds error in the fs/f2fs/segment.c file. This occurs when mounting and operating a corrupted image, resulting in an out-of-bounds access on the sbi->block_count[] array. The root cause is a missed sanity check on curseg->alloc_type.
Recommendations
For Linux kernel versions 5.17-rc4 through 5.17-rc6, apply the fix that adds a sanity check on curseg->alloc_type to prevent the array-index-out-of-bounds error. As a temporary workaround, consider avoiding the use of corrupted images to minimize the risk of exploitation.
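The missing check described above, as an added example that is neither kernel code nor part of the original advisory: a userspace C model in which a field loaded from an on-disk image is validated before it indexes a fixed-size counter array. The struct and function names, the array size and the two allocation-type values are assumptions of this model.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model only; sizes and enum values are assumptions, not kernel code. */
enum { MODEL_LFS = 0, MODEL_SSR = 1, MODEL_NR_ALLOC_TYPE = 2 };

struct model_sbi {
    unsigned long block_count[MODEL_NR_ALLOC_TYPE]; /* one counter per alloc type */
};

struct model_curseg {
    int alloc_type; /* loaded from the on-disk image, so untrusted */
};

/* Mount-time sanity check: every alloc_type must be a valid array index. */
int mount_check(const struct model_curseg *segs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (segs[i].alloc_type != MODEL_LFS && segs[i].alloc_type != MODEL_SSR) {
            fprintf(stderr, "curseg %zu: invalid alloc_type %d\n", i, segs[i].alloc_type);
            return -1; /* refuse to mount the corrupted image */
        }
    }
    return 0;
}

/* Accounting path: re-validates before indexing block_count[]. */
int account_block(struct model_sbi *sbi, const struct model_curseg *seg)
{
    if (seg->alloc_type < 0 || seg->alloc_type >= MODEL_NR_ALLOC_TYPE)
        return -1;
    sbi->block_count[seg->alloc_type]++;
    return 0;
}

int main(void)
{
    /* Constructed sample data: one clean image, one with a corrupted field. */
    struct model_curseg clean[] = { {MODEL_LFS}, {MODEL_SSR}, {MODEL_LFS} };
    struct model_curseg corrupt[] = { {MODEL_LFS}, {-1}, {MODEL_SSR} };
    struct model_sbi sbi = { {0, 0} };

    printf("clean image:   %d\n", mount_check(clean, 3));
    printf("corrupt image: %d\n", mount_check(corrupt, 3));
    for (size_t i = 0; i < 3; i++)
        account_block(&sbi, &clean[i]);
    printf("LFS=%lu SSR=%lu\n", sbi.block_count[MODEL_LFS], sbi.block_count[MODEL_SSR]);
    return 0;
}
```

Rejecting the image at mount time keeps the corrupted value from ever reaching the accounting path; the second check in account_block() is defence in depth for the model.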
Exploit
Fix
Improper Validation of Array Index
Buffer Overflow
Related Identifiers
Affected Products
Astra Linux
Linux Kernel