Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2024-53221

Description

In the Linux kernel, the following vulnerability has been resolved:f2fs: fix null-ptr-deref in f2fs_submit_page_bio()There's issue as follows when concurrently installing the f2fs.komodule and mounting the f2fs file system:KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs]Call Trace: f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] validate_checkpoint+0xac/0x290 [f2fs] f2fs_get_valid_checkpoint+0x207/0x950 [f2fs] f2fs_fill_super+0x1007/0x39b0 [f2fs] mount_bdev+0x183/0x250 legacy_get_tree+0xf4/0x1e0 vfs_get_tree+0x88/0x340 do_new_mount+0x283/0x5e0 path_mount+0x2b2/0x15b0 __x64_sys_mount+0x1fe/0x270 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7eAbove issue happens as the biset of the f2fs file system is notinitialized before register "f2fs_fs_type".To address above issue just register "f2fs_fs_type" at the last ininit_f2fs_fs(). Ensure that all f2fs file system resources areinitialized.

POC

Reference

No PoCs from references.

Github

- https://github.com/cku-heise/euvd-api-doc

- https://github.com/fkie-cad/nvd-json-data-feeds