Linux Kernel F2FS Filesystem Slab-Use-After-Free Vulnerability in Truncate Dnode Function

Vulnerability

A slab use-after-free vulnerability has been identified in the F2FS (Flash-Friendly File System) implementation of the Linux kernel. The issue arises in the 'truncate_dnode' function, where the kernel improperly manages memory while truncating data blocks. The vulnerability is present in Linux kernel versions prior to 6.4.0-rc7-syzkaller-00041-ge660abd551f1, specifically within the F2FS filesystem.

Impact

Triggering this vulnerability leads to a use-after-free condition, in which the kernel accesses memory that has already been freed. This can potentially be exploited to execute arbitrary code in the kernel or to cause a system crash.

Reproduction

The vulnerability can be reproduced with the 'syz-executor' tool, which is part of the Syzkaller fuzzer. The tool can be configured to create a scenario in which 'truncate_dnode' is called in a way that triggers the use-after-free condition. The specific sequence involves truncating an inode that references another inode, causing the kernel to access memory out of bounds.

Remediation

Users can upgrade to Linux kernel version 6.4.0-rc7-syzkaller-00041-ge660abd551f1 or later, where this vulnerability has been patched.

Added: Dec 10, 2025, 12:27 AM
Updated: Dec 10, 2025, 12:27 AM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          9.0
impact          2.5
exploitability  4.3
remediation     7.7
relevance       1.3
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.