{"id":"CVE-2022-49363","summary":"f2fs: fix to do sanity check on block address in f2fs_do_zero_range()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on block address in f2fs_do_zero_range()\n\nAs Yanming reported in bugzilla:\n\nhttps://bugzilla.kernel.org/show_bug.cgi?id=215894\n\nI have encountered a bug in F2FS file system in kernel v5.17.\n\nI have uploaded the system call sequence as case.c, and a fuzzed image can\nbe found in google net disk\n\nThe kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can\nreproduce the bug by running the following commands:\n\nkernel BUG at fs/f2fs/segment.c:2291!\nCall Trace:\n f2fs_invalidate_blocks+0x193/0x2d0\n f2fs_fallocate+0x2593/0x4a70\n vfs_fallocate+0x2a5/0xac0\n ksys_fallocate+0x35/0x70\n __x64_sys_fallocate+0x8e/0xf0\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nThe root cause is, after image was fuzzed, block mapping info in inode\nwill be inconsistent with SIT table, so in f2fs_fallocate(), it will cause\npanic when updating SIT with invalid blkaddr.\n\nLet's fix the issue by adding sanity check on block address before updating\nSIT table with it.","modified":"2026-04-02T08:27:31.560315Z","published":"2025-02-26T02:11:09.817Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49363.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/25f8236213a91efdf708b9d77e9e51b6fc3e141c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/470493be19a5730ed432e3ac0f29a2ee7fc6c557"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"},{"type":"WEB","url":"https://git.kernel.org/stable/c/805b48b234a2803cb7daec7f158af12f0fbaefac"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a34d7b49894b0533222188a52e2958750f830efd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49363.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-49363"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"98e4da8ca301e062d79ae168c67e56f3c3de3ce4"},{"fixed":"7361c9f2bd6a8f0cbb41cdea9aff04765ff23f67"},{"fixed":"a34d7b49894b0533222188a52e2958750f830efd"},{"fixed":"f2e1c38b5ac64eb1a16a89c52fb419409d12c25b"},{"fixed":"470493be19a5730ed432e3ac0f29a2ee7fc6c557"},{"fixed":"805b48b234a2803cb7daec7f158af12f0fbaefac"},{"fixed":"25f8236213a91efdf708b9d77e9e51b6fc3e141c"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-49363.json"}}],"schema_version":"1.7.5"}