Linux Kernel F2FS Zero-Sized Extent Cache Update Vulnerability

Vulnerability

The Linux kernel's F2FS file system mishandles zero-sized extents in its extent cache. The error-handling path of the 'f2fs_zero_range' function mistakenly adds a zero-sized extent to the extent cache. This leads to a kernel bug, reported by syzbot, in which an invalid opcode causes a kernel panic. The problem has been observed in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a kernel panic due to a 'BUG' triggered by an invalid opcode, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced on an F2FS file system by invoking the 'fallocate' system call with the 'preallocate' option. This triggers the 'f2fs_do_zero_range' function, which, due to the vulnerability, adds a zero-sized extent to the extent cache and causes a kernel bug.
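
A log-triage sketch for the crash described above, added here as an example and not taken from the advisory or the kernel project: it scans kernel log text for a BUG report with an invalid opcode whose call trace names 'f2fs_zero_range' or 'f2fs_do_zero_range'. The log layout, the sample lines and the helper names are assumptions constructed for illustration.

```python
import re

# Function names come from the advisory; everything else here is an assumption.
F2FS_FRAMES = ("f2fs_zero_range", "f2fs_do_zero_range")
BUG_RE = re.compile(r"kernel BUG at (?P<where>\S+)!")
FRAME_RE = re.compile(r"^\s*\??\s*(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]")

# Constructed sample log (not real output): placeholders, made-up offsets.
SAMPLE_LOG = """\
[  101.000002] kernel BUG at <source-file>:<line>!
[  101.000003] invalid opcode: 0000 [#1] PREEMPT SMP
[  101.000004] Call Trace:
[  101.000005]  f2fs_do_zero_range+0x1a4/0x2c0
[  101.000006]  f2fs_zero_range+0x3b0/0x5d0
[  101.000007] ---[ end trace 0000000000000000 ]---
[  200.000002] kernel BUG at <other-file>:<line>!
[  200.000003] invalid opcode: 0000 [#2] PREEMPT SMP
[  200.000004] Call Trace:
[  200.000005]  unrelated_example_frame+0x10/0x20
[  200.000006] ---[ end trace 0000000000000000 ]---
"""

def _matches(report):
    return report is not None and report["invalid_opcode"] and bool(report["frames"])

def find_f2fs_zero_range_bugs(lines):
    """Return BUG reports whose call trace contains an F2FS zero-range frame."""
    hits, current = [], None
    for raw in lines:
        line = STAMP_RE.sub("", raw.rstrip("\n"))
        bug = BUG_RE.search(line)
        if bug:  # a new report starts; keep a truncated previous one if it matched
            if _matches(current):
                hits.append(current)
            current = {"where": bug.group("where"), "invalid_opcode": False, "frames": []}
        elif current is not None:
            if "invalid opcode" in line:
                current["invalid_opcode"] = True
            frame = FRAME_RE.match(line)
            if frame and frame.group("sym") in F2FS_FRAMES:
                current["frames"].append(frame.group("sym"))
            if "end trace" in line:
                if _matches(current):
                    hits.append(current)
                current = None
    if _matches(current):  # log cut off before the end-of-trace marker
        hits.append(current)
    return hits
```

Feed it the lines of a saved kernel log; each returned entry records where the BUG was raised and which of the two F2FS frames appeared in the trace.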

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel Git repository.

Added: Jan 13, 2026, 6:14 PM
Updated: Jan 13, 2026, 6:14 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.1
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.