medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-53221: f2fs: fix null-ptr-deref in f2fs_submit_page_bio()

First published: Fri Dec 27 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_submit_page_bio() There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Call Trace: <TASK> f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] validate_checkpoint+0xac/0x290 [f2fs] f2fs_get_valid_checkpoint+0x207/0x950 [f2fs] f2fs_fill_super+0x1007/0x39b0 [f2fs] mount_bdev+0x183/0x250 legacy_get_tree+0xf4/0x1e0 vfs_get_tree+0x88/0x340 do_new_mount+0x283/0x5e0 path_mount+0x2b2/0x15b0 __x64_sys_mount+0x1fe/0x270 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Above issue happens as the biset of the f2fs file system is not initialized before register "f2fs_fs_type". To address above issue just register "f2fs_fs_type" at the last in init_f2fs_fs(). Ensure that all f2fs file system resources are initialized.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel>=5.6<6.11.11
Linux Kernel>=6.12<6.12.2

Remedy

https://git.kernel.org/stable/c/32f5e291b7677495f98246eec573767430321c08

Remedy

https://git.kernel.org/stable/c/9e11b1d5fda972f6be60ab732976a7c8e064cd56

Remedy

https://git.kernel.org/stable/c/b7d0a97b28083084ebdd8e5c6bccd12e6ec18faa

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-53221?

    CVE-2024-53221 is classified as a medium severity vulnerability in the Linux kernel.

  • How do I fix CVE-2024-53221?

    To fix CVE-2024-53221, update the Linux kernel to a version later than 6.12.2 or apply the relevant patches available.

  • What versions of the Linux kernel are affected by CVE-2024-53221?

    CVE-2024-53221 affects Linux kernel versions between 5.6 and 6.12.2.

  • What is the nature of the issue described in CVE-2024-53221?

    The issue in CVE-2024-53221 involves a null pointer dereference in the f2fs_submit_page_bio() function.

  • Is CVE-2024-53221 exploitable remotely?

    CVE-2024-53221 is not specifically documented as a remote vulnerability but may be exploited in specific conditions involving concurrent operations.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203