Linux Kernel F2FS Destination Block Address Sanity Check Vulnerability

Vulnerability

A vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) implementation can lead to a kernel panic. The issue arises during the recovery process when the file system's Segment Information Table (SIT) is found to be inconsistent with the inode mapping table. That inconsistency triggers a warning, which escalates to a kernel panic when the file system check feature (CONFIG_F2FS_CHECK_FS) is enabled. The vulnerability was introduced when the F2FS recovery process was updated to validate block addresses more rigorously; that change inadvertently created a scenario in which a corrupted file system image causes a severe error instead of a clean mount failure. The problem was reported by Wenqing Liu and is present in the Linux kernel stable tree.

Impact

Exploiting this vulnerability can cause a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced with a fuzzed image in which the SIT table is inconsistent with the inode mapping table. Such an image is produced by manipulating the file system's on-disk data so that the two structures no longer agree, for example with a tool that fuzzes file system images. Mounting that image on a kernel built with CONFIG_F2FS_CHECK_FS enabled then triggers the kernel panic.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.
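A small triage helper for the conditions the advisory names (an F2FS mount on a kernel built with CONFIG_F2FS_CHECK_FS=y). This is an added example, not part of the advisory or of the kernel project, and it only reports whether those two conditions are present; it cannot tell whether the running kernel already carries the fix, since the advisory gives no version numbers.

```shell
#!/bin/sh
# Added triage helper (not from the advisory): report whether a host matches the
# conditions the advisory describes. Inputs are file paths so the functions can
# be run against copied artifacts as well as the live /boot config and /proc/mounts.

# f2fs_check_fs_enabled CONFIG_FILE
#   returns 0 when the kernel config sets CONFIG_F2FS_CHECK_FS=y
f2fs_check_fs_enabled() {
    grep -q '^CONFIG_F2FS_CHECK_FS=y$' "$1"
}

# f2fs_mounted MOUNTS_FILE
#   returns 0 when any entry in /proc/mounts format has file system type f2fs
#   (/proc/mounts fields: device mountpoint fstype options dump pass)
f2fs_mounted() {
    awk '$3 == "f2fs" { found = 1 } END { exit !found }' "$1"
}

# f2fs_exposure CONFIG_FILE MOUNTS_FILE
#   prints one of: exposed, mounted-only, config-only, none
#   "exposed" means both conditions from the advisory hold on this host
f2fs_exposure() {
    cfg=0; mnt=0
    f2fs_check_fs_enabled "$1" && cfg=1
    f2fs_mounted "$2" && mnt=1
    if [ "$cfg" = 1 ] && [ "$mnt" = 1 ]; then
        echo exposed
    elif [ "$mnt" = 1 ]; then
        echo mounted-only
    elif [ "$cfg" = 1 ]; then
        echo config-only
    else
        echo none
    fi
}

# Live check against the running kernel (opt-in so the file also runs offline).
# Hosts that expose the config only as /proc/config.gz need "zcat" into a temp file first.
if [ "${F2FS_TRIAGE_LIVE:-0}" = 1 ]; then
    f2fs_exposure "/boot/config-$(uname -r)" /proc/mounts
fi
```

Run with `F2FS_TRIAGE_LIVE=1 sh f2fs_triage.sh` on a host; a result of "exposed" means the panic precondition exists and the kernel upgrade above should be prioritised for that machine.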

Added: Sep 15, 2025, 8:07 PM
Updated: Sep 15, 2025, 8:07 PM

Vulnerability Rating (Custom Algorithm)

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.