Home

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path Syzbot reports a NULL pointer dereference issue as below: __refcount_add include/linux/refcount.h:193 [inline] __refcount_inc include/linux/refcount.h:250 [inline] refcount_inc include/linux/refcount.h:267 [inline] get_task_struct include/linux/sched/task.h:110 [inline] kthread_stop+0x34/0x1c0 kernel/kthread.c:703 f2fs_stop_discard_thread+0x3c/0x5c fs/f2fs/segment.c:1638 kill_f2fs_super+0x5c/0x194 fs/f2fs/super.c:4522 deactivate_locked_super+0x70/0xe8 fs/super.c:332 deactivate_super+0xd0/0xd4 fs/super.c:363 cleanup_mnt+0x1f8/0x234 fs/namespace.c:1186 __cleanup_mnt+0x20/0x30 fs/namespace.c:1193 task_work_run+0xc4/0x14c kernel/task_work.c:177 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x26c/0xbe0 kernel/exit.c:795 do_group_exit+0x60/0xe8 kernel/exit.c:925 __do_sys_exit_group kernel/exit.c:936 [inline] __se_sys_exit_group kernel/exit.c:934 [inline] __wake_up_parent+0x0/0x40 kernel/exit.c:934 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline] invoke_syscall arch/arm64/kernel/syscall.c:52 [inline] el0_svc_common+0x138/0x220 arch/arm64/kernel/syscall.c:142 do_el0_svc+0x48/0x164 arch/arm64/kernel/syscall.c:206 el0_svc+0x58/0x150 arch/arm64/kernel/entry-common.c:636 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:654 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:581 The root cause of this issue is in error path of f2fs_start_discard_thread(), it missed to invalidate dcc->f2fs_issue_discard, later kthread_stop() may access invalid pointer.

PUBLISHED Reserved 2025-12-08 | Published 2025-12-08 | Updated 2025-12-08 | Assigner Linux

Product status

Default status
unaffected

4d67490498acb4ffcef5ba7bc44990d46e66a44c (git) before 865bb7b5a7deeb0e5afbd82381d52d38825dc64d
affected

4d67490498acb4ffcef5ba7bc44990d46e66a44c (git) before a3e517a6ba695d683ee63615e1ea6e6b4c7d2732
affected

4d67490498acb4ffcef5ba7bc44990d46e66a44c (git) before ae6c960a82c52c3bda5adc82d90643d6c12d308e
affected

4d67490498acb4ffcef5ba7bc44990d46e66a44c (git) before 91586ce0d39a05f88795aa8814fb99b1387236b3
affected

Default status
affected

5.15
affected

Any version before 5.15
unaffected

5.15.86 (semver)
unaffected

6.0.16 (semver)
unaffected

6.1.2 (semver)
unaffected

6.2 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/865bb7b5a7deeb0e5afbd82381d52d38825dc64d

git.kernel.org/...c/a3e517a6ba695d683ee63615e1ea6e6b4c7d2732

git.kernel.org/...c/ae6c960a82c52c3bda5adc82d90643d6c12d308e

git.kernel.org/...c/91586ce0d39a05f88795aa8814fb99b1387236b3

cve.org (CVE-2022-50620)

nvd.nist.gov (CVE-2022-50620)

Download JSON