oss-sec mailing list archives

Linux kernel: f2fs: out-of-bounds memory access bug


From: butt3rflyh4ck <butterflyhuangxx () gmail com>
Date: Mon, 29 Mar 2021 00:00:30 +0800

Hi,

I reported an out-of-bounds memory access bug in get_next_net_page()
in fs/f2fs/node.c and reproduced it in 5.12.0-rc3. Now the patch is out,
and I tested it in 5.12.0-rc4.

Root Cause:
The f2fs_flush_nat_entries() function is called during the checkpointing
process. When it flushes dirty nats in nat entry sets, it calls
__flush_nat_entry_set(), but before calling it, the legality of the nids
is not correctly tested. If a nid is out of range, it may access
out-of-bounds memory.

Some details and the patch for this issue:
https://www.mail-archive.com/linux-kernel () vger kernel org/msg2520013.html
The patch is not available in upstream yet, and no CVE has been assigned.

Now announced on oss-security () lists openwl com.

This issue was discovered by the ADLab of venustech.

Regards,
 butt3rflyh4ck.
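The root cause described above, as an added illustration that is not the kernel's code and not the reporter's: a toy NAT flush in which a nid from a dirty set is turned into a NAT block index. The structures, the NAT_ENTRY_PER_BLOCK value and the helper names are assumptions made for this demo (f2fs has its own node-manager types and its own nid range check); what carries over is the shape of the bug, an untrusted nid used as an array index, and the shape of the fix, rejecting the set before any NAT block is touched.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy geometry, an assumption for this demo: f2fs packs many more entries
 * into one 4 KiB NAT block, but the nid -> block arithmetic has the same shape. */
#define NAT_ENTRY_PER_BLOCK 8u
#ifdef EUCLEAN
#define EFSCORRUPTED EUCLEAN   /* the errno the kernel maps on-disk corruption to */
#else
#define EFSCORRUPTED EIO       /* fallback for libcs without EUCLEAN */
#endif

struct nat_block { uint32_t block_addr[NAT_ENTRY_PER_BLOCK]; };

/* Stand-in for node-manager state (not struct f2fs_nm_info). */
struct nm_info {
    uint32_t max_nid;          /* valid nids are 0 <= nid < max_nid */
    uint32_t nat_blocks;       /* number of NAT blocks backing those nids */
    struct nat_block *blocks;
};

struct nat_entry { uint32_t nid; uint32_t new_addr; };          /* one dirty nat */
struct nat_entry_set { const struct nat_entry *entries; size_t count; };

struct nm_info *nm_info_new(uint32_t nat_blocks)
{
    struct nm_info *nm = calloc(1, sizeof(*nm));
    if (!nm)
        return NULL;
    nm->blocks = calloc(nat_blocks, sizeof(*nm->blocks));
    if (!nm->blocks) {
        free(nm);
        return NULL;
    }
    nm->nat_blocks = nat_blocks;
    nm->max_nid = nat_blocks * NAT_ENTRY_PER_BLOCK;
    return nm;
}

void nm_info_free(struct nm_info *nm)
{
    if (nm) {
        free(nm->blocks);
        free(nm);
    }
}

/* The range test the post says was missing: a nid at or past max_nid has no slot. */
bool nid_in_range(const struct nm_info *nm, uint32_t nid)
{
    return nid < nm->max_nid;
}

/* nid -> NAT block number. Fed an unchecked nid, this is the out-of-bounds index. */
uint32_t nat_block_index(uint32_t nid)
{
    return nid / NAT_ENTRY_PER_BLOCK;
}

/* Pre-fix shape: every nid in the set is trusted. Instead of dereferencing the
 * bad index (the real memory-safety bug), count the entries that would be
 * written outside the NAT area so the demo itself stays memory-safe. */
size_t count_oob_writes(const struct nm_info *nm, const struct nat_entry_set *set)
{
    size_t oob = 0;
    for (size_t i = 0; i < set->count; i++)
        if (nat_block_index(set->entries[i].nid) >= nm->nat_blocks)
            oob++;
    return oob;
}

/* Post-fix shape: validate every nid before any NAT block is touched and
 * refuse the whole set on corruption, so a half-flushed set is never written. */
int flush_nat_entry_set(struct nm_info *nm, const struct nat_entry_set *set)
{
    for (size_t i = 0; i < set->count; i++)
        if (!nid_in_range(nm, set->entries[i].nid))
            return -EFSCORRUPTED;
    for (size_t i = 0; i < set->count; i++) {
        uint32_t nid = set->entries[i].nid;
        struct nat_block *blk = &nm->blocks[nat_block_index(nid)];
        blk->block_addr[nid % NAT_ENTRY_PER_BLOCK] = set->entries[i].new_addr;
    }
    return 0;
}

/* Read an entry back; 0 for an unmapped or out-of-range nid. */
uint32_t nat_lookup(const struct nm_info *nm, uint32_t nid)
{
    if (!nid_in_range(nm, nid))
        return 0;
    return nm->blocks[nat_block_index(nid)].block_addr[nid % NAT_ENTRY_PER_BLOCK];
}

int main(void)
{
    struct nm_info *nm = nm_info_new(4);   /* 4 blocks: nids 0..31 are valid */
    /* Constructed sample sets: one clean, one carrying a corrupt nid. */
    const struct nat_entry good[] = { { 3, 0x100 }, { 31, 0x200 } };
    const struct nat_entry bad[]  = { { 5, 0x300 }, { 4000, 0x400 } };
    struct nat_entry_set gs = { good, 2 }, bs = { bad, 2 };

    printf("good set: rc=%d, nid 31 -> 0x%x\n",
           flush_nat_entry_set(nm, &gs), nat_lookup(nm, 31));
    printf("bad set: %zu entry would index past %u NAT blocks, rc=%d\n",
           count_oob_writes(nm, &bs), nm->nat_blocks, flush_nat_entry_set(nm, &bs));
    nm_info_free(nm);
    return 0;
}
```

The detail worth keeping from the checked version is the two-pass structure: the whole set is validated first and rejected as a unit, because a checkpoint that writes half of a dirty set and then bails out leaves the on-disk NAT inconsistent with the in-memory state, which is exactly the kind of corruption that produced the bad nid in the first place.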

