CVE-2022-49738
📋 TL;DR
This is a Linux kernel vulnerability in the F2FS filesystem garbage collection code where missing sanity checks on i_extra_isize values can lead to out-of-bounds memory reads. It affects systems using F2FS filesystem with vulnerable kernel versions, potentially allowing attackers to crash systems or leak kernel memory.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, or potential information disclosure through kernel memory leaks.
Likely Case
System crash or instability when garbage collection triggers on corrupted F2FS filesystems.
If Mitigated
No impact if patched or F2FS not in use.
🎯 Exploit Status
Requires ability to trigger garbage collection on corrupted F2FS filesystem. Discovered via syzbot fuzzing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commit hashes provided in references
Vendor Advisory: https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable F2FS
allAvoid using F2FS filesystem if not required
# Check if F2FS is in use: findmnt -t f2fs
# Consider migrating to ext4 or other filesystems
🧯 If You Can't Patch
- Avoid using F2FS filesystem on critical systems
- Implement strict access controls to prevent local users from triggering garbage collection
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if F2FS is mounted: uname -r && findmnt -t f2fsCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is after fixes: check git commit hashes in kernel source or distribution patch notes📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- KASAN reports of slab-out-of-bounds in f2fs_gc or is_alive functions
- System crashes during writeback operations
Network Indicators:
- None - local vulnerability
SIEM Query:
kernel: "KASAN: slab-out-of-bounds" AND "f2fs" OR kernel: "BUG: KASAN" AND "is_alive" OR "gc_data_segment"🔗 References
- https://git.kernel.org/stable/c/5b25035fb888cb2f78bf0b9c9f95b1dc54480d36
- https://git.kernel.org/stable/c/914e38f02a490dafd980ff0f39cccedc074deb29
- https://git.kernel.org/stable/c/97ccfffcc061e54ce87e4a51a40e2e9cb0b7076a
- https://git.kernel.org/stable/c/d3b7b4afd6b2c344eabf9cc26b8bfa903c164c7c
- https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f
