[SRU][N][PATCH 0/1] CVE-2024-49887
Massimiliano Pellizzer
massimiliano.pellizzer at canonical.com
Tue May 13 19:51:02 UTC 2025
https://ubuntu.com/security/CVE-2024-49887
[ Impact ]
f2fs: fix to don't panic system for no free segment fault injection
[ Fix ]
Plucky: Not affected
Oracular: Fixed via upstream stable updates (LP: #2089052)
Noble: Cherry picked a dependency and backported the fix commit
Jammy: Not affected
Focal: Not affected
[ Test Plan ]
Compiled and boot tested.
Tested simulating high write workload that could exhaust
segment allocations using stress-ng:
$ sudo mkfs.f2fs -f /dev/sdb
...
Info: format successful
$ sudo mkdir /mnt/test
$ sudo mount -t f2fs /dev/sdb /mnt/test/
$ cd /mnt/test/
$ sudo stress-ng --hdd 4 --hdd-bytes 1G --fallocate 4 --timeout 10m --aggressive --metrics-brief
...
stress-ng: info: [5945] successful run completed in 10 mins, 3.72 secs
[ Where Problems Could Occur ]
The fix affects the f2fs segment allocation logic.
An issue with this fix may lead to incorrect handling of
segment exhaustion scenarios, particularly during
aggressive allocation requests.
A user might experience problems such as allocation failures,
or system hangs during high I/O workloads.
More information about the kernel-team
mailing list