cve/2024/CVE-2024-56565.md

### [CVE-2024-56565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56565)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=35ec7d5748849762008e8ae9f8ad2766229d5794%3C%20ed24ab98242f8d22b66fbe0452c97751b5ea4e22%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:f2fs: fix to drop all discards after creating snapshot on lvm devicePiergiorgio reported a bug in bugzilla as below:------------[ cut here ]------------WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs]Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30w/ below testcase, it can reproduce this bug quickly:- pvcreate /dev/vdb- vgcreate myvg1 /dev/vdb- lvcreate -L 1024m -n mylv1 myvg1- mount /dev/myvg1/mylv1 /mnt/f2fs- dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20- sync- rm /mnt/f2fs/file- sync- lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1- umount /mnt/f2fsThe root cause is: it will update discard_max_bytes of mounted lvmdevice to zero after creating snapshot on this lvm device, then,__submit_discard_cmd() will pass parameter @nr_sects w/ zero valueto __blkdev_issue_discard(), it returns a NULL bio pointer, resultin panic.This patch changes as below for fixing:1. Let's drop all remained discards in f2fs_unfreeze() if snapshotof lvm device is created.2. Checking discard_max_bytes before submitting discard during__submit_discard_cmd().

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/cku-heise/euvd-api-doc