PT-2025-8297 · Linux+1 · Linux Kernel+1

Ming Yan · Published 2022-05-06 · Updated 2025-03-02 · CVE-2022-49363

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel version 5.17

Description

A bug in the F2FS file system has been identified, which can cause a panic when updating the SIT table with an invalid block address. The issue occurs when the block mapping information in the inode becomes inconsistent with the SIT table after an image has been fuzzed. This inconsistency can lead to a crash in the f2fs_fallocate() function. The estimated number of potentially affected devices is not provided.

Recommendations

For Linux kernel version 5.17, apply the fix by adding a sanity check on the block address in the f2fs_do_zero_range() function to prevent the panic. As a temporary workaround, consider disabling the f2fs_fallocate() function until a patch is available. Restrict access to the F2FS file system to minimize the risk of exploitation.

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2026-02611
CVE-2022-49363

Affected Products

Astra Linux
Linux Kernel