CVE-2024-53220 (GCVE-0-2024-53220)

Vulnerability from cvelistv5 – Published: 2024-12-27 13:50 – Updated: 2026-05-11 20:53
VLAI
Title
f2fs: fix to account dirty data in __get_secs_required()
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace: f2fs_allocate_data_block+0x1c91/0x4540 do_write_page+0x163/0xdf0 f2fs_outplace_write_data+0x1aa/0x340 f2fs_do_write_data_page+0x797/0x2280 f2fs_write_single_data_page+0x16cd/0x2190 f2fs_write_cache_pages+0x994/0x1c80 f2fs_write_data_pages+0x9cc/0xea0 do_writepages+0x194/0x7a0 filemap_fdatawrite_wbc+0x12b/0x1a0 __filemap_fdatawrite_range+0xbb/0xf0 file_write_and_wait_range+0xa1/0x110 f2fs_do_sync_file+0x26f/0x1c50 f2fs_sync_file+0x12b/0x1d0 vfs_fsync_range+0xfa/0x230 do_fsync+0x3d/0x80 __x64_sys_fsync+0x37/0x50 x64_sys_call+0x1e88/0x20d0 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e The root cause is if checkpoint_disabling and lfs_mode are both on, it will trigger OPU for all overwritten data, it may cost more free segment than expected, so f2fs must account those data correctly to calculate cosumed free segments later, and return ENOSPC earlier to avoid run out of free segment during block allocation. [1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 4354994f097d068a894aa1a0860da54571df3582 , < 6e58b2987960efcd917bc42da781cee256213618 (git)
Affected: 4354994f097d068a894aa1a0860da54571df3582 , < f1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5 (git)
Affected: 4354994f097d068a894aa1a0860da54571df3582 , < 9313b85ddc120e2d2f0efaf86d0204d4c98d60b1 (git)
Affected: 4354994f097d068a894aa1a0860da54571df3582 , < e812871c068cc0f91ff9f5cee87d00df1c44aae4 (git)
Affected: 4354994f097d068a894aa1a0860da54571df3582 , < 1acd73edbbfef2c3c5b43cba4006a7797eca7050 (git)
Create a notification for this product.
Linux Linux Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:47:48.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/segment.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6e58b2987960efcd917bc42da781cee256213618",
              "status": "affected",
              "version": "4354994f097d068a894aa1a0860da54571df3582",
              "versionType": "git"
            },
            {
              "lessThan": "f1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5",
              "status": "affected",
              "version": "4354994f097d068a894aa1a0860da54571df3582",
              "versionType": "git"
            },
            {
              "lessThan": "9313b85ddc120e2d2f0efaf86d0204d4c98d60b1",
              "status": "affected",
              "version": "4354994f097d068a894aa1a0860da54571df3582",
              "versionType": "git"
            },
            {
              "lessThan": "e812871c068cc0f91ff9f5cee87d00df1c44aae4",
              "status": "affected",
              "version": "4354994f097d068a894aa1a0860da54571df3582",
              "versionType": "git"
            },
            {
              "lessThan": "1acd73edbbfef2c3c5b43cba4006a7797eca7050",
              "status": "affected",
              "version": "4354994f097d068a894aa1a0860da54571df3582",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/segment.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to account dirty data in __get_secs_required()\n\nIt will trigger system panic w/ testcase in [1]:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2752!\nRIP: 0010:new_curseg+0xc81/0x2110\nCall Trace:\n f2fs_allocate_data_block+0x1c91/0x4540\n do_write_page+0x163/0xdf0\n f2fs_outplace_write_data+0x1aa/0x340\n f2fs_do_write_data_page+0x797/0x2280\n f2fs_write_single_data_page+0x16cd/0x2190\n f2fs_write_cache_pages+0x994/0x1c80\n f2fs_write_data_pages+0x9cc/0xea0\n do_writepages+0x194/0x7a0\n filemap_fdatawrite_wbc+0x12b/0x1a0\n __filemap_fdatawrite_range+0xbb/0xf0\n file_write_and_wait_range+0xa1/0x110\n f2fs_do_sync_file+0x26f/0x1c50\n f2fs_sync_file+0x12b/0x1d0\n vfs_fsync_range+0xfa/0x230\n do_fsync+0x3d/0x80\n __x64_sys_fsync+0x37/0x50\n x64_sys_call+0x1e88/0x20d0\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe root cause is if checkpoint_disabling and lfs_mode are both on,\nit will trigger OPU for all overwritten data, it may cost more free\nsegment than expected, so f2fs must account those data correctly to\ncalculate cosumed free segments later, and return ENOSPC earlier to\navoid run out of free segment during block allocation.\n\n[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T20:53:10.169Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6e58b2987960efcd917bc42da781cee256213618"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/9313b85ddc120e2d2f0efaf86d0204d4c98d60b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e812871c068cc0f91ff9f5cee87d00df1c44aae4"
        },
        {
          "url": "https://git.kernel.org/stable/c/1acd73edbbfef2c3c5b43cba4006a7797eca7050"
        }
      ],
      "title": "f2fs: fix to account dirty data in __get_secs_required()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-53220",
    "datePublished": "2024-12-27T13:50:05.416Z",
    "dateReserved": "2024-11-19T17:17:25.024Z",
    "dateUpdated": "2026-05-11T20:53:10.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-53220",
      "date": "2026-06-07",
      "epss": "0.00017",
      "percentile": "0.04503"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53220\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T14:15:30.077\",\"lastModified\":\"2025-11-03T21:17:43.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: fix to account dirty data in __get_secs_required()\\n\\nIt will trigger system panic w/ testcase in [1]:\\n\\n------------[ cut here ]------------\\nkernel BUG at fs/f2fs/segment.c:2752!\\nRIP: 0010:new_curseg+0xc81/0x2110\\nCall Trace:\\n f2fs_allocate_data_block+0x1c91/0x4540\\n do_write_page+0x163/0xdf0\\n f2fs_outplace_write_data+0x1aa/0x340\\n f2fs_do_write_data_page+0x797/0x2280\\n f2fs_write_single_data_page+0x16cd/0x2190\\n f2fs_write_cache_pages+0x994/0x1c80\\n f2fs_write_data_pages+0x9cc/0xea0\\n do_writepages+0x194/0x7a0\\n filemap_fdatawrite_wbc+0x12b/0x1a0\\n __filemap_fdatawrite_range+0xbb/0xf0\\n file_write_and_wait_range+0xa1/0x110\\n f2fs_do_sync_file+0x26f/0x1c50\\n f2fs_sync_file+0x12b/0x1d0\\n vfs_fsync_range+0xfa/0x230\\n do_fsync+0x3d/0x80\\n __x64_sys_fsync+0x37/0x50\\n x64_sys_call+0x1e88/0x20d0\\n do_syscall_64+0x4b/0x110\\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n\\nThe root cause is if checkpoint_disabling and lfs_mode are both on,\\nit will trigger OPU for all overwritten data, it may cost more free\\nsegment than expected, so f2fs must account those data correctly to\\ncalculate cosumed free segments later, and return ENOSPC earlier to\\navoid run out of free segment during block allocation.\\n\\n[1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para contabilizar datos sucios en __get_secs_required() Activar\u00e1 el p\u00e1nico del sistema con el caso de prueba en [1]: ------------[ corte aqu\u00ed ]------------ \u00a1ERROR del kernel en fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Seguimiento de llamadas: f2fs_allocate_data_block+0x1c91/0x4540 do_write_page+0x163/0xdf0 f2fs_outplace_write_data+0x1aa/0x340 f2fs_do_write_data_page+0x797/0x2280 f2fs_write_single_data_page+0x16cd/0x2190 f2fs_write_cache_pages+0x994/0x1c80 f2fs_write_data_pages+0x9cc/0xea0 do_writepages+0x194/0x7a0 filemap_fdatawrite_wbc+0x12b/0x1a0 __filemap_fdatawrite_range+0xbb/0xf0 file_write_and_wait_range+0xa1/0x110 f2fs_do_sync_file+0x26f/0x1c50 f2fs_sync_file+0x12b/0x1d0 vfs_fsync_range+0xfa/0x230 do_fsync+0x3d/0x80 __x64_sys_fsync+0x37/0x50 x64_sys_call+0x1e88/0x20d0 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e La causa ra\u00edz es que si checkpoint_disabling y lfs_mode est\u00e1n activados, se activar\u00e1 OPU para todos los datos sobrescritos, lo que puede costar m\u00e1s segmento libre de lo esperado, por lo que f2fs debe tener en cuenta esos datos correctamente para calcular los segmentos libres consumidos m\u00e1s tarde y devolver ENOSPC antes para evitar quedarse sin segmentos libres durante la asignaci\u00f3n de bloques. [1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"6.1.120\",\"matchCriteriaId\":\"3003D323-CBD0-4593-9A56-0256311FBD94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.64\",\"matchCriteriaId\":\"CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.11\",\"matchCriteriaId\":\"21434379-192D-472F-9B54-D45E3650E893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.12\",\"versionEndExcluding\":\"6.12.2\",\"matchCriteriaId\":\"D8882B1B-2ABC-4838-AC1D-DBDBB5764776\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1acd73edbbfef2c3c5b43cba4006a7797eca7050\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6e58b2987960efcd917bc42da781cee256213618\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9313b85ddc120e2d2f0efaf86d0204d4c98d60b1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e812871c068cc0f91ff9f5cee87d00df1c44aae4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f1b8bfe8d2f2fdf905d37c174d5bc1cd2b6910c5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.