Linux Kernel F2FS Filesystem Sanity Check Vulnerability in Block Address Handling

Vulnerability

A vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation, affecting versions up to and including 5.17. The issue lies in the 'f2fs_do_zero_range()' function, which does not properly validate block addresses; as a result, the block mapping recorded in the inode can become inconsistent with the Segment Information Table (SIT). When the F2FS fallocate path then tries to update the SIT with an invalid block address, the kernel panics. The bug can be reproduced by enabling the Kernel Address Sanitizer (KASAN) and running a specific sequence of system calls that trigger it, as reported in the Linux kernel bugzilla.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations by abruptly terminating processes and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by running a kernel built with CONFIG_KASAN enabled and executing a sequence of system calls that includes 'f2fs_fallocate'. This sequence triggers the bug by causing a mismatch between the block mapping in the inode and the SIT, leading to a kernel panic when the SIT is updated with the invalid block address.

Remediation

Users should upgrade to a patched version of the Linux kernel in which this vulnerability has been addressed. The specific commit fixing this issue is available in the Linux kernel's official Git repository.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.