Use-After-Free Vulnerability in f2fs File System on Linux Kernel
CVE-2023-53846
What is CVE-2023-53846?
A use-after-free vulnerability exists in the f2fs file system of the Linux kernel that could lead to out-of-boundary access. Specifically, when inodeA is truncated, it references inodeB, which may cause improper memory access during the truncation process. This flaw can lead to instability and data corruption. A recent patch adds a sanity check on the dnode page within the truncate_dnode() function. The check aims to prevent the vulnerability from being triggered, and when it detects the issue it records a new error, ERROR_INVALID_NODE_REFERENCE, into the superblock. This enables filesystem checks (fsck) to detect such issues and attempt repairs, bolstering the robustness of the f2fs file system.
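The sanity check described above, reduced to a userspace C model (an added example, not the kernel patch or f2fs code). It assumes the check compares the owner recorded in the referenced node with the inode being truncated; `sb_model`, `node`, `make_image` and `MODEL_ECORRUPT` are hypothetical names, and the numeric values are constructed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model, not kernel code. Only truncate_dnode and
 * ERROR_INVALID_NODE_REFERENCE are names from the page; the rest is hypothetical. */
enum { ERROR_INVALID_NODE_REFERENCE = 1 };  /* constructed bit number */
#define MODEL_ECORRUPT 1000                 /* hypothetical error code */
#define NR_NODES 8

struct node {                     /* stands in for a node page */
    unsigned ino;                 /* owning inode recorded in the node */
    bool is_inode;                /* an inode block, not a direct node */
    bool in_use;
};
struct sb_model {
    struct node nodes[NR_NODES];  /* indexed by node id (nid) */
    unsigned errors;              /* error bits kept in the superblock for fsck */
    bool need_fsck;
};

/* Frees direct node `nid` on behalf of inode `ino`.
 * Returns 1 when freed or nothing to free, -MODEL_ECORRUPT when rejected. */
int truncate_dnode(struct sb_model *sb, unsigned ino, unsigned nid)
{
    if (nid == 0)
        return 1;
    /* Sanity check (assumed form): nid must name a direct node owned by ino. */
    if (nid >= NR_NODES || sb->nodes[nid].is_inode || sb->nodes[nid].ino != ino) {
        sb->errors |= 1u << ERROR_INVALID_NODE_REFERENCE;
        sb->need_fsck = true;
        return -MODEL_ECORRUPT;   /* refuse: the foreign node is left untouched */
    }
    sb->nodes[nid].in_use = false;
    return 1;
}

/* Constructed image: inodeA = 3, inodeB = 4. */
struct sb_model make_image(void)
{
    struct sb_model sb = {0};
    sb.nodes[3] = (struct node){ 3, true, true };   /* inodeA's inode block */
    sb.nodes[4] = (struct node){ 4, true, true };   /* inodeB's inode block */
    sb.nodes[5] = (struct node){ 3, false, true };  /* direct node of inodeA */
    sb.nodes[6] = (struct node){ 4, false, true };  /* node owned by inodeB */
    return sb;
}

int main(void)
{
    struct sb_model sb = make_image();
    int ok = truncate_dnode(&sb, 3, 5), bad = truncate_dnode(&sb, 3, 4);
    printf("own dnode: %d, inodeB reference: %d, need_fsck=%d\n", ok, bad, sb.need_fsck);
    return 0;
}
```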
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 6.4.10 <= 6.4.*