Linux Kernel F2FS Filesystem Truncation Error Vulnerability

Vulnerability

A vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) implementation has been addressed. The issue was in the truncation of inline data, where an error path failed to properly manage the page cache. As a result, inode eviction triggered a kernel bug: it detected that the inode still had cached pages attached, meaning not all of them had been cleared before the inode was destroyed. The vulnerability was reported by syzbot, a tool that identifies bugs in the Linux kernel.

Impact

The vulnerability could lead to a kernel panic: inode eviction hits a kernel bug when it finds cached pages that were never truncated, so the inode cannot be torn down cleanly.

Reproduction

The vulnerability can be reproduced by mounting a loop device with an F2FS filesystem that has corrupted inline inodes. This can be done by creating a filesystem image that simulates the conditions reported by syzbot, including invalid CRC values and SSA boundary errors. Once this image is created, it can be mounted as an F2FS filesystem, triggering the truncation error during the eviction process of the inode.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
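
Since the bug is reached by mounting an F2FS filesystem, a quick way to prioritise patching is to check whether a host has F2FS mounted or registered with the running kernel. The script below is an added example, not part of the advisory or the kernel fix; the function names and the three result labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a host's exposure to F2FS mount-triggered bugs.
# Inputs default to the live /proc files; pass other paths to test offline.

# Print the mount point of every f2fs filesystem in a mounts-format file.
f2fs_mounts() {
    awk '$3 == "f2fs" { print $2 }' "${1:-/proc/mounts}"
}

# Succeed if f2fs is registered with the running kernel (built in or loaded).
# /proc/filesystems lines look like "nodev<TAB>sysfs" or "<TAB>f2fs".
f2fs_registered() {
    awk '$NF == "f2fs" { found = 1 } END { exit !found }' "${1:-/proc/filesystems}"
}

# Print one of (hypothetical labels):
#   mounted    - at least one f2fs filesystem is mounted right now
#   registered - the driver is present in the kernel but nothing is mounted
#   absent     - the driver is not registered with the running kernel
f2fs_exposure() {
    mounts_file=${1:-/proc/mounts}
    fs_file=${2:-/proc/filesystems}
    if [ -n "$(f2fs_mounts "$mounts_file")" ]; then
        echo mounted
    elif f2fs_registered "$fs_file"; then
        echo registered
    else
        echo absent
    fi
}

# Run against the live system only when asked to: sh f2fs_check.sh --live
if [ "${1:-}" = "--live" ]; then
    state=$(f2fs_exposure)
    echo "kernel $(uname -r): f2fs is $state"
    [ "$state" = "mounted" ] && f2fs_mounts | sed 's/^/  mounted at /'
    # "absent" only describes the running kernel: an on-disk module can
    # still be loaded on demand the first time an f2fs image is mounted.
    if [ "$state" = "absent" ] && modinfo f2fs >/dev/null 2>&1; then
        echo "  note: an f2fs module is installed and can be loaded on demand"
    fi
fi
```

Hosts reporting `mounted` or `registered` should get the patched stable kernel first.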

Added: Nov 12, 2025, 11:54 AM
Updated: Nov 12, 2025, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.