Bug 27413 - f2fs-tools new security issue CVE-2020-6070
Summary: f2fs-tools new security issue CVE-2020-6070
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2020-10-13 20:36 CEST by David Walser
Modified: 2020-11-23 20:52 CET (History)
4 users (show)

See Also:
Source RPM: f2fs-tools-1.13.0-1.mga8.src.rpm
Status comment:


Description David Walser 2020-10-13 20:36:33 CEST
Fedora has issued an advisory on September 28:

The issue is fixed upstream in 1.14.0.

Mageia 7 is also affected.
Comment 1 David GEIGER 2020-11-20 07:02:47 CET
Done for both Cauldron and mga7!
Comment 2 David Walser 2020-11-20 16:41:33 CET

Updated f2fs-tools packages fix security vulnerability:

An exploitable code execution vulnerability exists in the file system checking
functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a
logic flaw and out-of-bounds heap operations, resulting in code execution. An
attacker can provide a malicious file to trigger this vulnerability


Updated packages in core/updates_testing:

from f2fs-tools-1.14.0-1.mga7.src.rpm

CC: (none) => geiger.david68210
Version: Cauldron => 7
Assignee: geiger.david68210 => qa-bugs

Comment 3 Herman Viaene 2020-11-23 11:27:49 CET
MGA7-64 MATE on Peaq C1011
No installation issues
Did some reading on NAND and NOR flash memory and concluded that USB sticks are probably all NAND types.
So inserted one and went on
umount /run/media/tester7/56bb5c6c-4844-4a99-b42b-11f0127e9835 

This notebook has no rust drive, so the USB is sda, that's not a typo.
# mkfs.f2fs /dev/sda

	F2FS-tools: mkfs.f2fs Ver: 1.14.0 (2020-08-24)

Info: Disable heap-based policy
Info: Debug level = 0
Info: Trim is enabled
	/dev/sda appears to contain an existing filesystem (xfs).
	Use the -f option to force overwrite.
[root@mach6 ~]# mkfs.f2fs -f /dev/sda

	F2FS-tools: mkfs.f2fs Ver: 1.14.0 (2020-08-24)

Info: Disable heap-based policy
Info: Debug level = 0
Info: Trim is enabled
Info: [/dev/sda] Disk Model: USB Flash Drive 
Info: Segments per section = 1
Info: Sections per zone = 1
Info: sector size = 512
Info: total sectors = 31258624 (15263 MB)
Info: zone aligned segment0 blkaddr: 512
Info: format version with
  "Linux version 5.7.19-desktop-3.mga7 (iurt@ec2x1.mageia.org) (gcc version 8.4.0 (Mageia 8.4.0-1.mga7), GNU ld (GNU Binutils) 2.33.1) #1 SMP Sun Oct 18 15:46:00 UTC 2020"
Info: [/dev/sda] Discarding device
Info: This device doesn't support BLKSECDISCARD
Info: This device doesn't support BLKDISCARD
Info: Overprovision ratio = 1.630%
Info: Overprovision segments = 251 (GC reserved = 130)
Info: format successful

# ls -als /run/media/tester7/c3418608-78b3-48b4-967f-767a4d9ed359/
total 4
4 drwxr-xr-x  2 root root 4096 Nov 23 10:58 ./
0 drwxr-x---+ 3 root root   60 Nov 23 10:59 ../

# chmod 777 /run/media/tester7/c3418608-78b3-48b4-967f-767a4d9ed359/
So using caja, I wrote a text file on the stick, safely removed it, plugged it in my desktop PC, and accessed the device and read the file.
Then reverted to the original status on the notebook.

# umount /run/media/tester7/c3418608-78b3-48b4-967f-767a4d9ed359 

# mkfs.vfat /dev/sda
mkfs.fat 4.1 (2017-01-24)

# fsck.vfat /dev/sda
fsck.fat 4.1 (2017-01-24)
/dev/sda: 0 files, 1/1951754 clusters

Wrote again a text file on it and checked on the desktop PC, 
All OK

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 4 Aurelien Oudelet 2020-11-23 15:07:34 CET
Advisory pushed to SVN.

Keywords: (none) => advisory, validated_update
CC: (none) => ouaurelien, sysadmin-bugs

Comment 5 Mageia Robot 2020-11-23 20:52:57 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.