CVE-2024-56565

MEDIUM EPSS 11.4%
Published Dec 27, 2024 1y ago · Modified Jun 17, 2026 2w ago
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to drop all discards after creating snapshot on lvm device

Piergiorgio reported a bug in bugzilla as below:

    ------------[ cut here ]------------
    WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330
    RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs]
    Call Trace:
     __issue_discard_cmd+0x1ca/0x350 [f2fs]
     issue_discard_thread+0x191/0x480 [f2fs]
     kthread+0xcf/0x100
     ret_from_fork+0x31/0x50
     ret_from_fork_asm+0x1a/0x30

w/ below testcase, it can reproduce this bug quickly:

    - pvcreate /dev/vdb
    - vgcreate myvg1 /dev/vdb
    - lvcreate -L 1024m -n mylv1 myvg1
    - mount /dev/myvg1/mylv1 /mnt/f2fs
    - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20
    - sync
    - rm /mnt/f2fs/file
    - sync
    - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1
    - umount /mnt/f2fs

The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic.

This patch changes as below for fixing:

    1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created.
    2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
11.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 2

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.19 – <6.6.66
linux   linux_kernel  *        ≥6.7 – <6.12.4
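
As an added example (not part of the CVE record or the kernel patch), a first-pass triage script that applies the upstream version ranges above and looks for f2fs on device-mapper volumes, the setup used in the reproducer. Function names and verdict strings are hypothetical; distribution kernels can carry the fix under an older version string, so confirm a hit against the vendor changelog.

```sh
#!/bin/sh
# Added example: first-pass triage for CVE-2024-56565. Function names are
# hypothetical. Ranges are the upstream ones listed in this record; a
# distribution kernel may carry the fix under an older version string.

# ver_lt A B: succeed when dotted version A sorts strictly before B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Succeed when the kernel release falls in an affected upstream range:
# >=4.19 and <6.6.66, or >=6.7 and <6.12.4.
cve_2024_56565_affected() {
    v=${1%%[!0-9.]*}    # "6.6.58-generic" -> "6.6.58"
    if ! ver_lt "$v" 4.19 && ver_lt "$v" 6.6.66; then return 0; fi
    if ! ver_lt "$v" 6.7 && ver_lt "$v" 6.12.4; then return 0; fi
    return 1
}

# Print "device mountpoint" for every f2fs filesystem on a device-mapper
# volume (LVM logical volumes appear as /dev/mapper/* or /dev/dm-N).
f2fs_dm_mounts() {
    awk '$3 == "f2fs" && ($1 ~ /^\/dev\/mapper\// || $1 ~ /^\/dev\/dm-[0-9]+$/) {
        print $1, $2
    }' "${1:-/proc/mounts}"
}

# triage [KERNEL_RELEASE] [MOUNTS_FILE]: print one verdict token.
triage() {
    kver=${1:-$(uname -r)}
    mounts=${2:-/proc/mounts}
    if ! cve_2024_56565_affected "$kver"; then
        echo "not-affected"
    elif [ -n "$(f2fs_dm_mounts "$mounts")" ]; then
        echo "affected-f2fs-on-dm"
    else
        echo "affected-no-f2fs-on-dm"
    fi
}

triage "$@"
```

Run with no arguments it checks the running kernel and /proc/mounts; pass a release string and a saved mounts file to assess another host offline.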

References 3

  • git.kernel.org https://git.kernel.org/stable/c/15136c3861a3341db261ebdbb6ae4ae1765635e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc8aeb04fd80cb8cfae3058445c84410fd0beb5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed24ab98242f8d22b66fbe0452c97751b5ea4e22
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/15136c3861a3341db261ebdbb6ae4ae1765635e2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bc8aeb04fd80cb8cfae3058445c84410fd0beb5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ed24ab98242f8d22b66fbe0452c97751b5ea4e22
    Patch