CVE-2024-27032

f2fs: fix to avoid potential panic during recovery

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let's change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop.

Category

6.3
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0 patch
https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c patch
https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1 patch
https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67 patch
https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58 patch

Frequently Asked Questions

What is the severity of CVE-2024-27032?
CVE-2024-27032 has been scored as a medium severity vulnerability.
How to fix CVE-2024-27032?
To fix CVE-2024-27032, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-27032 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-27032 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-27032?
CVE-2024-27032 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.