Acknowledged
Created: Jul 4, 2025
Updated: Jul 8, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]f2fs: fix to do sanity check on sbi->total_valid_block_count[EOL][EOL]syzbot reported a f2fs bug as below:[EOL][EOL]------------[ cut here ]------------[EOL]kernel BUG at fs/f2fs/f2fs.h:2521![EOL]RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521[EOL]Call Trace:[EOL] f2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/file.c:695[EOL] truncate_dnode+0x417/0x740 fs/f2fs/node.c:973[EOL] truncate_nodes+0x3ec/0xf50 fs/f2fs/node.c:1014[EOL] f2fs_truncate_inode_blocks+0x8e3/0x1370 fs/f2fs/node.c:1197[EOL] f2fs_do_truncate_blocks+0x840/0x12b0 fs/f2fs/file.c:810[EOL] f2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:838[EOL] f2fs_truncate+0x417/0x720 fs/f2fs/file.c:888[EOL] f2fs_setattr+0xc4f/0x12f0 fs/f2fs/file.c:1112[EOL] notify_change+0xbca/0xe90 fs/attr.c:552[EOL] do_truncate+0x222/0x310 fs/open.c:65[EOL] handle_truncate fs/namei.c:3466 [inline][EOL] do_open fs/namei.c:3849 [inline][EOL] path_openat+0x2e4f/0x35d0 fs/namei.c:4004[EOL] do_filp_open+0x284/0x4e0 fs/namei.c:4031[EOL] do_sys_openat2+0x12b/0x1d0 fs/open.c:1429[EOL] do_sys_open fs/open.c:1444 [inline][EOL] __do_sys_creat fs/open.c:1522 [inline][EOL] __se_sys_creat fs/open.c:1516 [inline][EOL] __x64_sys_creat+0x124/0x170 fs/open.c:1516[EOL] do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline][EOL] do_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94[EOL][EOL]The reason is: in fuzzed image, sbi->total_valid_block_count is[EOL]inconsistent w/ mapped blocks indexed by inode, so, we should[EOL]not trigger panic for such case, instead, let's print log and[EOL]set fsck flag.
CREATE(Triage):(User=lchen-cn) [CVE-2025-38163 (https://nvd.nist.gov/vuln/detail/CVE-2025-38163)
