Linux Kernel F2FS File System Valid Node Count Vulnerability

A vulnerability in the F2FS file system of the Linux kernel has been identified, specifically in version 5.17. This issue arises when the total valid block or node counts are reduced to zero, leading to a kernel panic. The vulnerability can be reproduced by enabling KASAN and KASAN_INLINE, and then executing certain commands that trigger the bug, as reported in the kernel bugzilla.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations by halting the kernel's processes.

Reproduction

To reproduce this vulnerability, compile the Linux kernel with the CONFIG_KASAN and CONFIG_KASAN_INLINE options enabled. After booting into this kernel, perform operations that manipulate the F2FS file system in a way that causes the total valid block or node counts to drop to zero. This can be done by unlinking files or directories, which will trigger the vulnerability by causing the F2FS file system to encounter a bug condition that leads to a kernel panic.