Linux Kernel F2FS Filesystem Out-of-Bounds Write Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System): the allocation type of each current segment (curseg->alloc_type), a value that is loaded from the on-disk checkpoint when the image is mounted, was never sanity-checked. F2FS uses that value directly as an index into its per-allocation-type block count array (sbi->block_count[]), which has exactly two entries, one for LFS and one for SSR allocation. A crafted checkpoint can therefore supply an allocation type that indexes far past the end of the array, and the next block allocation increments memory beyond it. The issue was reported by Wenqing Liu and is triggered by mounting a corrupted image and then performing operations that allocate blocks on the affected segment.

Impact

Triggering the vulnerability produces an out-of-bounds read-modify-write on kernel memory adjacent to the block count array, corrupting whatever fields follow it in the F2FS superblock-info structure. The minimum practical impact is a kernel crash (denial of service); whether the corrupted bytes can be steered toward anything more useful depends on the structure layout of the running kernel and is not established by this report. The precondition is that an attacker-controlled image gets mounted, so the exposure is highest on systems that mount untrusted or removable media, including those that auto-mount it.

Reproduction

The vulnerability can be reproduced by mounting a corrupted F2FS image (for example through a loop device) on a vulnerable kernel; the report was tested against 5.17-rc4 and 5.17-rc6. Mounting alone succeeds, because the missing check is on a value that is only consumed later. The out-of-bounds write occurs once a write operation allocates new blocks on a current segment whose stored allocation type is neither LFS nor SSR, so creating a file and writing data to it on the mounted image is enough to reach the flawed accounting code. Kernels built with UBSAN report the access as an array index out of range for the block count array.
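
The following is an added example that models the pattern described above; it is not the kernel's fs/f2fs code. It reduces the checkpoint, current-segment and block count structures to the fields the bug involves (the identifiers mirror the kernel's, the structures are assumptions), shows the unchecked indexing path beside a mount-time sanity check that rejects an allocation type other than LFS or SSR, and feeds both a sane and a constructed corrupted checkpoint through them.

```c
#include <stdio.h>
#include <stdint.h>

/* Constructed model of F2FS current-segment bookkeeping: example code,
 * not the kernel's fs/f2fs sources. Field names mirror the kernel's but
 * the structures are reduced to what this bug touches. */

enum alloc_type { LFS = 0, SSR = 1 };   /* the only two valid allocation types */
#define NR_ALLOC_TYPES 2
#define NR_CURSEG_TYPE 6                /* hot/warm/cold data and node logs */
#define EFSCORRUPTED   117              /* EUCLEAN, the value the kernel uses */

/* On-disk checkpoint field: one alloc_type byte per current segment.
 * With a crafted image this is attacker-controlled. */
struct checkpoint_model {
	uint8_t alloc_type[NR_CURSEG_TYPE];
};

struct curseg_info {
	unsigned char alloc_type;
};

struct sb_info_model {
	struct curseg_info curseg[NR_CURSEG_TYPE];
	unsigned int block_count[NR_ALLOC_TYPES]; /* indexed by alloc_type */
	unsigned int neighbour;                   /* what an OOB index would hit */
};

/* Vulnerable pattern: the allocation path does block_count[alloc_type]++
 * trusting the on-disk value. This model returns the index it would use
 * and only performs the increment when the index is in range, so the
 * example itself never writes out of bounds. */
static unsigned int stat_inc_block_count_model(struct sb_info_model *sbi, int type)
{
	unsigned int idx = sbi->curseg[type].alloc_type;

	if (idx < NR_ALLOC_TYPES)
		sbi->block_count[idx]++;
	return idx;   /* idx >= NR_ALLOC_TYPES is the out-of-bounds case */
}

/* Hardened mount-time check: reject any current segment whose alloc_type
 * is neither LFS nor SSR before anything indexes block_count[] with it. */
static int sanity_check_curseg_alloc_type(const struct sb_info_model *sbi)
{
	for (int i = 0; i < NR_CURSEG_TYPE; i++) {
		unsigned char t = sbi->curseg[i].alloc_type;

		if (t != LFS && t != SSR) {
			fprintf(stderr, "F2FS-fs: curseg %d has unexpected alloc_type %u\n",
				i, (unsigned int)t);
			return -EFSCORRUPTED;
		}
	}
	return 0;
}

/* Mount step: copy alloc types from the checkpoint into curseg state and
 * validate them. Returns 0 on success or -EFSCORRUPTED. */
static int load_cursegs(struct sb_info_model *sbi, const struct checkpoint_model *cp)
{
	for (int i = 0; i < NR_CURSEG_TYPE; i++)
		sbi->curseg[i].alloc_type = cp->alloc_type[i];
	return sanity_check_curseg_alloc_type(sbi);
}

/* Constructed checkpoints: a sane one and one with a corrupted alloc_type
 * (231 is an arbitrary out-of-range byte chosen for this example). */
static const struct checkpoint_model good_cp = { { LFS, SSR, LFS, LFS, SSR, LFS } };
static const struct checkpoint_model bad_cp  = { { LFS, SSR, 231, LFS, SSR, LFS } };

int main(void)
{
	struct sb_info_model sbi = { 0 };

	if (load_cursegs(&sbi, &good_cp) == 0)
		printf("good image: mount ok, log 2 uses block_count[%u]\n",
		       stat_inc_block_count_model(&sbi, 2));

	if (load_cursegs(&sbi, &bad_cp) != 0)
		printf("corrupted image: mount rejected; unchecked path would use index %u of %d\n",
		       stat_inc_block_count_model(&sbi, 2), NR_ALLOC_TYPES);
	return 0;
}
```

The point of the check's placement is that it runs once, at mount time, on the single copy of the value that every later allocation reads; validating in the hot allocation path instead would work but would pay the cost on every block and still leave the corrupted state in memory. Returning a corruption error from mount also means a crafted image is refused outright rather than accepted and then crashing the kernel on first write.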

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  4.3
remediation     0.0
relevance       0.0
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.