ACK: [SRU][N][PATCH 0/1] CVE-2024-49887
Ian Whitfield
ian.whitfield at canonical.com
Mon May 19 19:51:06 UTC 2025
On Tue, May 13, 2025 at 09:51:02PM +0200, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2024-49887
>
> [ Impact ]
>
> f2fs: fix to don't panic system for no free segment fault injection
>
> [ Fix ]
>
> Plucky: Not affected
> Oracular: Fixed via upstream stable updates (LP: #2089052)
> Noble: Cherry picked a dependency and backported the fix commit
> Jammy: Not affected
> Focal: Not affected
>
> [ Test Plan ]
>
> Compiled and boot tested.
> Tested simulating high write workload that could exhaust
> segment allocations using stress-ng:
> $ sudo mkfs.f2fs -f /dev/sdb
> ...
> Info: format successful
> $ sudo mkdir /mnt/test
> $ sudo mount -t f2fs /dev/sdb /mnt/test/
> $ cd /mnt/test/
> $ sudo stress-ng --hdd 4 --hdd-bytes 1G --fallocate 4 --timeout 10m --aggressive --metrics-brief
> ...
> stress-ng: info: [5945] successful run completed in 10 mins, 3.72 secs
>
> [ Where Problems Could Occur ]
>
> The fix affects the f2fs segment allocation logic.
> An issue with this fix may lead to incorrect handling of
> segment exhaustion scenarios, particularly during
> aggressive allocation requests.
> A user might experience problems such as allocation failures,
> or system hangs during high I/O workloads.
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Ian Whitfield <ian.whitfield at canonical.com>
More information about the kernel-team
mailing list