CVE-2024-53220
- Source
- https://cve.org/CVERecord?id=CVE-2024-53220
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53220.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53220
- Downstream
- Related
- Published
- 2024-12-27T13:50:05.416Z
- Modified
- 2026-03-20T12:40:49.766474Z
- Summary
- f2fs: fix to account dirty data in __get_secs_required()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to account dirty data in __getsecsrequired()
It will trigger system panic w/ testcase in [1]:
------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:newcurseg+0xc81/0x2110 Call Trace: f2fsallocatedatablock+0x1c91/0x4540 dowritepage+0x163/0xdf0 f2fsoutplacewritedata+0x1aa/0x340 f2fsdowritedatapage+0x797/0x2280 f2fswritesingledatapage+0x16cd/0x2190 f2fswritecachepages+0x994/0x1c80 f2fswritedatapages+0x9cc/0xea0 dowritepages+0x194/0x7a0 filemapfdatawritewbc+0x12b/0x1a0 __filemapfdatawriterange+0xbb/0xf0 filewriteandwaitrange+0xa1/0x110 f2fsdosyncfile+0x26f/0x1c50 f2fssyncfile+0x12b/0x1d0 vfsfsyncrange+0xfa/0x230 dofsync+0x3d/0x80 __x64sysfsync+0x37/0x50 x64syscall+0x1e88/0x20d0 dosyscall64+0x4b/0x110 entrySYSCALL64afterhwframe+0x76/0x7e
The root cause is if checkpointdisabling and lfsmode are both on, it will trigger OPU for all overwritten data, it may cost more free segment than expected, so f2fs must account those data correctly to calculate cosumed free segments later, and return ENOSPC earlier to avoid run out of free segment during block allocation.
[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53220.json" }- References
-
- https://git.kernel.org/stable/c/1acd73edbbfef2c3c5b43cba4006a7797eca7050
- https://git.kernel.org/stable/c/6e58b2987960efcd917bc42da781cee256213618
- https://git.kernel.org/stable/c/9313b85ddc120e2d2f0efaf86d0204d4c98d60b1
- https://git.kernel.org/stable/c/e812871c068cc0f91ff9f5cee87d00df1c44aae4
- https://git.kernel.org/stable/c/f1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/53xxx/CVE-2024-53220.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-53220
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced4354994f097d068a894aa1a0860da54571df3582Fixed6e58b2987960efcd917bc42da781cee256213618Fixedf1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5Fixed9313b85ddc120e2d2f0efaf86d0204d4c98d60b1Fixede812871c068cc0f91ff9f5cee87d00df1c44aae4Fixed1acd73edbbfef2c3c5b43cba4006a7797eca7050