Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's F2FS (Flash-Friendly File System) implementation, specifically within the node management functions. The issue arises because the filesystem does not properly validate the footer of node pages before they are written back, which can lead to data corruption. This vulnerability is triggered when a node page's footer is damaged, allowing the corrupted page to be loaded asynchronously without a proper sanity check. Once the page is modified and marked dirty, the inconsistency is not detected until the page is flushed, potentially causing a kernel panic.
Exploitation of this vulnerability can cause a kernel panic, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced by creating a fuzzed image that corrupts the footer of a node page in the F2FS filesystem. When this corrupted page is accessed through asynchronous read-ahead functions, the missing sanity check allows the corruption to go undetected. Once the page is modified and marked dirty, the inconsistency between the node index and the footer information causes a kernel bug when the page is written back.
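The flow described above, as an added example that is not kernel code and not taken from the original page: a simplified user-space model showing why a footer check skipped on the read-ahead path only surfaces at writeback, and how checking at load time rejects the page before it can be dirtied. All names are hypothetical, and the load-time check is an assumed mitigation; the page does not describe the actual patch.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified user-space model of the flow described above.
 * All names are hypothetical; this is not kernel code. */
struct node_page {
    uint32_t footer_nid;   /* node id recorded in the page footer */
    bool uptodate;         /* page contents accepted after read */
    bool dirty;            /* page modified, pending writeback */
};

enum { LOAD_OK = 0, LOAD_CORRUPT = -1, WB_OK = 0, WB_INCONSISTENT = -2 };

/* The footer must name the node index the page was looked up under. */
static bool footer_matches(const struct node_page *p, uint32_t nid)
{
    return p->footer_nid == nid;
}

/* Read completion. check_readahead=false models the flawed behaviour
 * (asynchronous read-ahead skips the check); true models the assumed fix. */
static int load_node(struct node_page *p, uint32_t nid,
                     bool readahead, bool check_readahead)
{
    bool must_check = !readahead || check_readahead;
    if (must_check && !footer_matches(p, nid))
        return LOAD_CORRUPT;       /* reject before anyone can dirty it */
    p->uptodate = true;
    return LOAD_OK;
}

/* Only pages accepted at load time can be modified. */
static bool dirty_node(struct node_page *p)
{
    if (p->uptodate)
        p->dirty = true;
    return p->dirty;
}

/* Writeback: the last place a mismatch can surface. In the kernel this
 * is where the inconsistency becomes a kernel bug; here it is a code. */
static int writeback_node(struct node_page *p, uint32_t nid)
{
    if (!p->dirty)
        return WB_OK;
    if (!footer_matches(p, nid))
        return WB_INCONSISTENT;
    p->dirty = false;
    return WB_OK;
}
```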
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading can be found in the official Linux kernel documentation.