[SRU][Jammy/Lunar][PATCH 0/1] CVE-2023-2898
Yuxuan Luo
yuxuan.luo at canonical.com
Tue Aug 1 22:08:10 UTC 2023
[Impact]
There is a null-pointer-dereference flaw found in f2fs_write_end_io in
fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged
user to cause a denial of service problem.
[Backport]
It is a clean cherry pick for Lunar.
For Jammy, conflicts in `gc.c` require e4544b63a7ee (“f2fs: move f2fs to use
reader-unfair rwsems”); however, since the part related to the fix
commit is merely renaming, it is possible to ignore this commit.
[Test]
Smoke tested on Lunar.
```bash
# apt-get install f2fs-tools -y
# modprobe f2fs
# modprobe null_blk gb=2 memory_backed=1 discard=1 # discard option is not available in Jammy
# mkdir /mnt/f2fs
# mkfs.f2fs -l label /dev/nullb0
# mount -t f2fs /dev/nullb0 /mnt/f2fs
# echo "hello" | sudo tee /mnt/f2fs/test
$ cat /mnt/f2fs/test
```
Compile and boot tested on Jammy.
[Potential Regression]
Expect low regression potential.
Chao Yu (1):
f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
fs/f2fs/f2fs.h | 2 +-
fs/f2fs/file.c | 2 +-
fs/f2fs/gc.c | 21 ++++++++++++++++++---
3 files changed, 20 insertions(+), 5 deletions(-)
--
2.34.1