
CVE-2022-49363: Vulnerability in Linux (Linux kernel)

High
Published: Wed Feb 26 2025 (02/26/2025, 02:11:09 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on block address in f2fs_do_zero_range()

As Yanming reported in bugzilla:

https://bugzilla.kernel.org/show_bug.cgi?id=215894

I have encountered a bug in F2FS file system in kernel v5.17. I have uploaded the system call sequence as case.c, and a fuzzed image can be found in google net disk. The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands:

    kernel BUG at fs/f2fs/segment.c:2291!
    Call Trace:
     f2fs_invalidate_blocks+0x193/0x2d0
     f2fs_fallocate+0x2593/0x4a70
     vfs_fallocate+0x2a5/0xac0
     ksys_fallocate+0x35/0x70
     __x64_sys_fallocate+0x8e/0xf0
     do_syscall_64+0x3b/0x90
     entry_SYSCALL_64_after_hwframe+0x44/0xae

The root cause is, after image was fuzzed, block mapping info in inode will be inconsistent with SIT table, so in f2fs_fallocate(), it will cause panic when updating SIT with invalid blkaddr.

Let's fix the issue by adding sanity check on block address before updating SIT table with it.

AI-Powered Analysis

AI analysis last updated: 06/30/2025, 06:26:49 UTC

Technical Analysis

CVE-2022-49363 is a vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) implementation. The issue arises in the f2fs_do_zero_range() function, which handles block addresses for the zero-range mode of the fallocate system call. The root cause is that, on a corrupted (in the report, fuzzed) image, the block mapping information stored in the inode is inconsistent with the Segment Information Table (SIT). When f2fs_fallocate() invalidates the blocks of the zeroed range, it passes an invalid block address taken from the inode into the SIT update, where the kernel hits a BUG() and panics.

The vulnerability was discovered and reported by Yanming via the Linux kernel bugzilla. The reported panic occurs at fs/f2fs/segment.c line 2291, with a call stack running through f2fs_invalidate_blocks, f2fs_fallocate, vfs_fallocate and the syscall interface. The fix adds a sanity check on the block address before the SIT table is updated with it, so that an invalid address is rejected instead of triggering the panic.

The reporter encountered the bug on a kernel around version 5.17 with the F2FS filesystem enabled and CONFIG_KASAN and CONFIG_KASAN_INLINE set for kernel address sanitizer support. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability primarily affects system stability and availability, since a malformed or fuzzed filesystem image can trigger a kernel panic through an ordinary fallocate operation.
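To make the fixed control flow concrete, here is an added, constructed C model of the sanity check; it is not the kernel's code. It builds a toy SIT bitmap, a stand-in for the SIT update that treats an address the SIT does not know about the way the kernel does (BUG(), modelled as the WOULD_BUG result), and one block of the zero-range step in unpatched and patched form. The block layout (MAIN_BLKADDR, MAIN_BLOCKS, 16 allocated blocks) and the WOULD_BUG code are assumptions of the model, and the helper names only loosely mirror the kernel helpers they stand in for.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Constructed, simplified model of the fix; not the kernel's own code. */
#define NULL_ADDR    0u           /* hole: no block allocated */
#define NEW_ADDR     0xFFFFFFFFu  /* reserved: allocated, not yet written */
#define EFSCORRUPTED 117          /* Linux: EUCLEAN, "Structure needs cleaning" */
#define WOULD_BUG    1000         /* model result: kernel would hit BUG() and panic */
#define MAIN_BLKADDR 1024u        /* first block of the main area (assumed layout) */
#define MAIN_BLOCKS  2048u        /* blocks in the main area (assumed layout) */

/* Toy SIT: one flag per main-area block, 1 = block marked valid in the SIT. */
struct toy_sbi { uint8_t sit_valid[MAIN_BLOCKS]; };
/* Model of __is_valid_data_blkaddr(): address claims to be a real on-disk block. */
static bool is_valid_data_blkaddr(uint32_t blkaddr)
{
    return blkaddr != NULL_ADDR && blkaddr != NEW_ADDR;
}

/* Model of f2fs_is_valid_blkaddr(): main-area range check plus SIT bitmap lookup. */
static bool is_valid_blkaddr(const struct toy_sbi *sbi, uint32_t blkaddr)
{
    if (blkaddr < MAIN_BLKADDR || blkaddr >= MAIN_BLKADDR + MAIN_BLOCKS)
        return false;
    return sbi->sit_valid[blkaddr - MAIN_BLKADDR] != 0;
}

/* Stand-in for the SIT update in f2fs_invalidate_blocks(): an address the SIT
 * does not know about violates an invariant, which the kernel answers with BUG(). */
static int sit_invalidate_block(struct toy_sbi *sbi, uint32_t blkaddr)
{
    if (!is_valid_blkaddr(sbi, blkaddr))
        return WOULD_BUG;
    sbi->sit_valid[blkaddr - MAIN_BLKADDR] = 0;
    return 0;
}

/* One block of the zero-range loop on a fresh toy image. Unpatched: trust the
 * inode's block address. Patched: reject it with -EFSCORRUPTED before the SIT update. */
static int model_zero_range(uint32_t blkaddr, bool patched)
{
    struct toy_sbi sbi;
    memset(&sbi, 0, sizeof(sbi));
    memset(sbi.sit_valid, 1, 16);  /* constructed image: only 16 blocks are in use */
    if (patched && is_valid_data_blkaddr(blkaddr) && !is_valid_blkaddr(&sbi, blkaddr))
        return -EFSCORRUPTED;    /* fallocate() fails cleanly instead of panicking */
    if (!is_valid_data_blkaddr(blkaddr))
        return 0;                /* hole or reservation: nothing on disk to invalidate */
    return sit_invalidate_block(&sbi, blkaddr);
}
```

The same corrupt address (out of the main area, or inside it but not marked valid in the SIT) reaches the SIT update and would panic on the unpatched path, while the patched path turns it into a failed syscall.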

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the F2FS filesystem enabled, particularly where fallocate system calls are used or where untrusted or fuzzed filesystem images might be mounted or manipulated. The impact is a denial of service (DoS) caused by a kernel panic, which can disrupt critical services and operations. This is especially relevant for data centers, cloud providers and enterprises relying on Linux-based infrastructure for storage and file system operations. While the vulnerability does not appear to allow privilege escalation or data corruption directly, the forced kernel panic causes downtime and loss of availability, and can cascade into further failures in clustered or virtualized environments. Organizations with high availability requirements, or those using F2FS on embedded or specialized devices (e.g., IoT, automotive or telecom equipment), may face operational disruptions. The lack of known exploits reduces the immediate risk, but the vulnerability should be addressed proactively, since a fuzzed or malformed filesystem image is enough to cause the service interruption.

Mitigation Recommendations

1. Apply the official Linux kernel patch that adds the sanity check on block addresses in the f2fs_do_zero_range() function as soon as it becomes available in your distribution or kernel version.
2. For systems where immediate patching is not feasible, consider disabling or avoiding the use of the F2FS filesystem, especially on systems exposed to untrusted input or where fallocate operations are common.
3. Implement strict controls on mounting and handling of filesystem images, particularly those from untrusted or external sources, to prevent fuzzed or malformed images from triggering the vulnerability.
4. Monitor kernel logs for signs of f2fs-related kernel panics or unusual fallocate syscall failures, which could indicate attempted exploitation or triggering of this vulnerability.
5. Use kernel address sanitizer (KASAN) enabled kernels in testing environments to detect and analyze potential memory corruption or invalid access issues related to filesystem operations.
6. Incorporate this vulnerability into incident response and patch management workflows to ensure timely updates and risk mitigation.


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2025-02-26T02:08:31.547Z
Cisa Enriched
false
Cvss Version
null
State
PUBLISHED

Threat ID: 682d982dc4522896dcbe57c9

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 6:26:49 AM

Last updated: 8/14/2025, 4:30:27 PM
