CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-40971: f2fs: remove clear SB_INLINECRYPT flag in default_options

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: remove clear SB_INLINECRYPT flag in default_options

In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set.
If create new file or open file during this gap, these files
will not use inlinecrypt. Worse case, it may lead to data
corruption if wrappedkey_v0 is enable.

Thread A: Thread B:

-f2fs_remount -f2fs_file_open or f2fs_new_inode
-default_options
<- clear SB_INLINECRYPT flag

-fscrypt_select_encryption_impl

-parse_options
<- set SB_INLINECRYPT again

Classification

CVE ID: CVE-2024-40971

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.41% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/38a82c8d00638bb642bef787eb1d5e0e4d3b7d71
https://git.kernel.org/stable/c/724429db09e21ee153fef35e34342279d33df6ae
https://git.kernel.org/stable/c/a9cea0489c562c97cd56bb345e78939f9909e7f4
https://git.kernel.org/stable/c/eddeb8d941d5be11a9da5637dbe81ac37e8449a2
https://git.kernel.org/stable/c/ae39c8ec4250d2a35ddaab1c40faacfec306ff66
https://git.kernel.org/stable/c/ac5eecf481c29942eb9a862e758c0c8b68090c33

Timeline

2024-12-20 00:40:11 UTC
CVE

f2fs: remove clear SB_INLINECRYPT flag in default_options