1.3 KiB
CVE-2023-52444
Description
In the Linux kernel, the following vulnerability has been resolved:f2fs: fix to avoid dirent corruptionAs Al reported in link[1]:f2fs_rename()... if (old_dir != new_dir && !whiteout) f2fs_set_link(old_inode, old_dir_entry, old_dir_page, new_dir); else f2fs_put_page(old_dir_page, 0);You want correct inumber in the ".." link. And cross-directoryrename does move the source to new parent, even if you'd been askedto leave a whiteout in the old place.[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/With below testcase, it may cause dirent corruption, due to it missedto call f2fs_set_link() to update ".." link to new directory.- mkdir -p dir/foo- renameat2 -w dir/foo bar[ASSERT] (__chk_dots_dentries:1421) --> Bad inode number[0x4] for '..', parent parent ino is [0x3][FSCK] other corrupted bugs [Fail]
POC
Reference
No PoCs from references.