An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel. An attacker who is able to mount an XFS filesystem can trigger a denial of service while attempting to sync a file located on an XFS v5 image with crafted metadata.
Reference and upstream commit:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1832545]
This flaw requires that an attacker be able to have the system mount a crafted filesystem.
If the xfs filesystem is not in use, the 'xfs' kernel module can be blacklisted; the module
will then not be loaded when the filesystem is mounted, and mounting will fail.
However, if this filesystem is in use, this workaround will not be suitable.
To find out how to blacklist the "xfs" kernel module, please see https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
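The workaround above only applies when xfs is not in use, so that condition is worth checking before blacklisting. The following is an added example, not taken from this report or from the linked Red Hat article: it checks a mounts file and an fstab file for xfs entries and writes the modprobe.d directives only when none are found. The function names and the file paths passed to them are assumptions.

```shell
#!/bin/sh
# Added example: decide whether the "xfs" module can be blacklisted safely.
# File paths are parameters so the check can be run against copies first.

# xfs_in_use MOUNTS_FILE FSTAB_FILE
# Returns 0 if any mounted or configured filesystem is of type xfs.
xfs_in_use() {
    mounts=${1:-/proc/mounts}
    fstab=${2:-/etc/fstab}
    for f in "$mounts" "$fstab"; do
        [ -r "$f" ] || continue
        # Field 3 is the filesystem type in both files; skip comment lines.
        if awk '$1 !~ /^#/ && $3 == "xfs" { found = 1 } END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# write_xfs_blacklist CONF_FILE
# "blacklist" stops alias-based autoloading; "install ... /bin/false"
# makes explicit load requests (such as the one made at mount time) fail.
write_xfs_blacklist() {
    conf=$1
    printf '%s\n' 'blacklist xfs' 'install xfs /bin/false' > "$conf"
}

# apply_xfs_workaround MOUNTS_FILE FSTAB_FILE CONF_FILE
# Writes the blacklist only when xfs is not in use; returns 1 otherwise.
apply_xfs_workaround() {
    if xfs_in_use "$1" "$2"; then
        echo "xfs is in use; workaround not suitable" >&2
        return 1
    fi
    write_xfs_blacklist "$3"
}
```

On a real system the third argument would be a file under /etc/modprobe.d/ (the file name is the administrator's choice), and a module that is already loaded stays loaded until it is removed or the system reboots.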
This issue is rated as having Low impact because of the preconditions needed to trigger it (administrative account or physical access).