CVE-2021-45469
📋 TL;DR
This vulnerability allows an attacker to trigger an out-of-bounds memory access in the Linux kernel's F2FS filesystem when processing extended attributes. It affects Linux systems using F2FS filesystem with kernels up to 5.15.11. Attackers could potentially crash the system or execute arbitrary code.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution
Likely Case
System crash or denial of service through kernel panic
If Mitigated
Limited impact if F2FS filesystem is not in use or systems have kernel hardening protections
🎯 Exploit Status
Exploit requires local access and ability to create/modify files on F2FS filesystem
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.15.12 and later
Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.15.12 or later. 2. Reboot system to load new kernel. 3. Verify kernel version with 'uname -r'
🔧 Temporary Workarounds
Disable F2FS filesystem
linuxPrevent use of F2FS filesystem to eliminate attack surface
# Remove F2FS kernel module: rmmod f2fs
# Blacklist F2FS module: echo 'blacklist f2fs' > /etc/modprobe.d/f2fs-blacklist.conf
🧯 If You Can't Patch
- Restrict user access to systems using F2FS filesystem
- Implement strict filesystem monitoring and alert on unusual xattr operations
🔍 How to Verify
Check if Vulnerable:
Check kernel version: 'uname -r' and verify if <= 5.15.11. Check if F2FS is in use: 'lsmod | grep f2fs' or 'mount | grep f2fs'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is 5.15.12 or later: 'uname -r'. Confirm F2FS module is not loaded or patched.📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOM killer messages
- Filesystem corruption errors in dmesg
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG") AND ("f2fs" OR "xattr")🔗 References
- http://www.openwall.com/lists/oss-security/2021/12/25/1
- https://bugzilla.kernel.org/show_bug.cgi?id=215235
- https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
- https://security.netapp.com/advisory/ntap-20220114-0003/
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
- http://www.openwall.com/lists/oss-security/2021/12/25/1
- https://bugzilla.kernel.org/show_bug.cgi?id=215235
- https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&id=5598b24efaf4892741c798b425d543e4bed357a1
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AK2C4A43BZSWATZWFUHHHUQF3HPIALNP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QG7XV2WXKMSMKIQKIBG5LW3Y3GXEWG5Q/
- https://security.netapp.com/advisory/ntap-20220114-0003/
- https://www.debian.org/security/2022/dsa-5050
- https://www.debian.org/security/2022/dsa-5096
