CVE-2024-35844 - Linux Kernel Vulnerability in f2fs: Compress - Reserve_cblocks Counting Error When Out of Space Fixed
A vulnerability has been discovered in the Linux kernel relating to the f2fs (Flash-Friendly File System) compression module. The issue arises when reserving cblocks while running out of space, leading to an unrepairable file. This vulnerability has been assigned CVE-2024-35844 and is now resolved.
This vulnerability specifically affected files with only one direct_node. The reserved_blocks count would stay at in the case of no space being left on the device, leading to fsck being unable to repair the file. This issue was discovered when running the following operations in sequence:
./f2fs_io compress test.apk
df -h | grep dm-48
./f2fs_io release_cblocks test.apk
df -h | grep dm-48
dd if=/dev/random of=file4 bs=1M count=3
df -h | grep dm-48
./f2fs_io reserve_cblocks test.apk
adb reboot
df -h | grep dm-48
./f2fs_io reserve_cblocks test.apk
With the patch applied, the fsck flag will now be set correctly to fix the file when this scenario occurs.
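The counting pattern described above, as an added example that is not kernel code and not code from the original page: a simplified user-space model in C. The struct, the function names, the block counts, and the repair condition (an error plus a nonzero reserved count) are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model (hypothetical names, not kernel code). */
struct fs_model { unsigned free_blocks; bool need_fsck; };

/* Reserve `want` blocks for one direct node. Takes what fits, adds it to
 * *counted when the caller passes a counter, returns -ENOSPC on shortfall. */
static int reserve_node(struct fs_model *fs, unsigned want, unsigned *counted)
{
    unsigned got = want < fs->free_blocks ? want : fs->free_blocks;
    fs->free_blocks -= got;
    if (counted)
        *counted += got;
    return got < want ? -ENOSPC : (int)got;
}

/* fixed == false: the caller adds the return value only after success, so a
 * node that fails part-way contributes nothing to the total.
 * fixed == true: the helper updates the total itself, even on failure. */
static unsigned reserve_file(struct fs_model *fs, const unsigned *nodes,
                             int n, bool fixed)
{
    unsigned reserved = 0;
    int ret = 0;
    for (int i = 0; i < n; i++) {
        ret = reserve_node(fs, nodes[i], fixed ? &reserved : NULL);
        if (ret < 0)
            break;
        if (!fixed)
            reserved += (unsigned)ret;
    }
    /* Assumed repair condition: error seen AND a nonzero reserved count. */
    if (ret < 0 && reserved)
        fs->need_fsck = true;
    return reserved;
}

int main(void)
{
    const unsigned one_node[] = { 8 };  /* constructed: one direct node */
    struct fs_model a = { 3, false }, b = { 3, false };
    unsigned ra = reserve_file(&a, one_node, 1, false);
    unsigned rb = reserve_file(&b, one_node, 1, true);
    printf("before: reserved=%u need_fsck=%d\n", ra, a.need_fsck);
    printf("after:  reserved=%u need_fsck=%d\n", rb, b.need_fsck);
    return 0;
}
```

In this model a file with two nodes still gets flagged by the uncorrected accounting once the first node succeeds, which is why only the single-node case ends up with nothing counted and no repair flag.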
Details of CVE-2024-35844 can be found in the original references. The exploit details and the patch that fixes the issue have also been made available, so that the f2fs compress module operates smoothly under these conditions.
To prevent this vulnerability from causing issues on your system, ensure that you are running the latest version of the Linux kernel with the patch applied. Stay informed about security vulnerabilities in the software you are using, and make sure you apply updates as needed. Remember that proactive patch management helps minimize your exposure to potential security threats.
In conclusion, this Linux kernel vulnerability (CVE-2024-35844) is a crucial reminder to keep your systems up to date and apply patches when they are released. It is essential to stay informed about potential security risks and remain diligent with system management. Regularly monitor storage space and keep system files updated to ensure smooth and secure operation. Protecting data and ensuring system integrity are top priorities in every case, and addressing vulnerabilities like this one is crucial to achieving that goal.
Timeline
Published on: 05/17/2024 15:15:21 UTC
Last modified on: 12/19/2024 08:56:25 UTC