Linux Kernel F2FS Filesystem Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. This issue arises from the improper handling of error return values in the 'f2fs_recover_fsync_data()' function, particularly when the filesystem is mounted with read-only options that disable recovery. The flaw can lead to a kernel panic, causing the system to become unresponsive.

Impact

Exploitation of this vulnerability causes a kernel panic, leading to a denial-of-service condition where the system becomes unresponsive.

Reproduction

To reproduce this vulnerability, create a F2FS filesystem on a device (e.g., /dev/vdd) and mount it. After writing a file and syncing the data, unmount the filesystem. Then, remount it with options that disable recovery. This process will trigger a kernel panic by causing the F2FS filesystem to improperly manage the fsync recovery process, ultimately leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.