CVE-2021-47007
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix panic during f2fs_resize_fs()
f2fs_resize_fs() hangs in below callstack with testcase:
- mkfs 16GB image & mount image
- dd 8GB fileA
- dd 8GB fileB
- sync
- rm fileA
- sync
- resize filesystem to 8GB
kernel BUG at segment.c:2484! Call Trace: allocate_segment_by_default+0x92/0xf0 [f2fs] f2fs_allocate_data_block+0x44b/0x7e0 [f2fs] do_write_page+0x5a/0x110 [f2fs] f2fs_outplace_write_data+0x55/0x100 [f2fs] f2fs_do_write_data_page+0x392/0x850 [f2fs] move_data_page+0x233/0x320 [f2fs] do_garbage_collect+0x14d9/0x1660 [f2fs] free_segment_range+0x1f7/0x310 [f2fs] f2fs_resize_fs+0x118/0x330 [f2fs] __f2fs_ioctl+0x487/0x3680 [f2fs] __x64_sys_ioctl+0x8e/0xd0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xa9
The root cause is we forgot to check that whether we have enough space in resized filesystem to store all valid blocks in before-resizing filesystem, then allocator will run out-of-space during block migration in free_segment_range().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b4b10061ef98c583bcf82a4200703fbaa98c18dc < 1c20a4896409f5ca1c770e1880c33d0a28a8b10f | affected |
| Linux | Linux | b4b10061ef98c583bcf82a4200703fbaa98c18dc < 860afd680d9cc1dabd61cda3cd246f60aa1eb705 | affected |
| Linux | Linux | b4b10061ef98c583bcf82a4200703fbaa98c18dc < 822054e5026c43b1dd60cf387dd999e95ee2ecc2 | affected |
| Linux | Linux | b4b10061ef98c583bcf82a4200703fbaa98c18dc < 3ab0598e6d860ef49d029943ba80f627c15c15d6 | affected |
| Linux | Linux | 5.8 | affected |
| Linux | Linux | 0 < 5.8 | unaffected |
| Linux | Linux | 5.10.38 <= 5.10.* | unaffected |
| Linux | Linux | 5.11.22 <= 5.11.* | unaffected |
| Linux | Linux | 5.12.5 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/1c20a4896409f5ca1c770e1880c33d0a28a8b10f
- https://git.kernel.org/stable/c/860afd680d9cc1dabd61cda3cd246f60aa1eb705
- https://git.kernel.org/stable/c/822054e5026c43b1dd60cf387dd999e95ee2ecc2
- https://git.kernel.org/stable/c/3ab0598e6d860ef49d029943ba80f627c15c15d6
References
- https://git.kernel.org/stable/c/1c20a4896409f5ca1c770e1880c33d0a28a8b10f
- https://git.kernel.org/stable/c/860afd680d9cc1dabd61cda3cd246f60aa1eb705
- https://git.kernel.org/stable/c/822054e5026c43b1dd60cf387dd999e95ee2ecc2
- https://git.kernel.org/stable/c/3ab0598e6d860ef49d029943ba80f627c15c15d6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.