CVE-2024-27032

low-risk
Published 2024-05-01

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let's change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Linux

References (10)

Patch https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58
Patch https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c
Patch https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1
Patch https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67
Patch https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0
Patch https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58
Patch https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c
Patch https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1
Patch https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67
Patch https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0
21
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal