An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. References: https://www.openwall.com/lists/oss-security/2021/03/28/2 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1944299]
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Statement: There was no shipped kernel version were seen affected with this problem. These files are not built in our source code.
External References: https://www.openwall.com/lists/oss-security/2021/03/28/2 https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg2520013.html
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3506
This was fixed for Fedora in the 5.11.20 stable kernel updates.