CVE - CVE-2024-39467

CVE-ID
CVE-2024-39467	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ================================================================== BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600 Read of size 1 at addr ffff88807a58c76c by task syz-executor280/5076 CPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] current_nat_addr fs/f2fs/node.h:213 [inline] f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600 f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline] f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838 __do_sys_ioctl fs/ioctl.c:902 [inline] __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The root cause is we missed to do sanity check on i_xattr_nid during f2fs_iget(), so that in fiemap() path, current_nat_addr() will access nat_bitmap w/ offset from invalid i_xattr_nid, result in triggering kasan bug report, fix it.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98 URL:https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98 MISC:https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717 URL:https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717 MISC:https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57 URL:https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57 MISC:https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff URL:https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff MISC:https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0 URL:https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0 MISC:https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba URL:https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba MISC:https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8 URL:https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8
Assigning CNA
kernel.org
Date Record Created
20240625	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240625)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)