CVE-2023-54182
Use-After-Free in Linux Kernel f2fs Causes System Panic

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to check readonly condition correctly

With below case, it can mount multi-device image w/ rw option, however one of secondary device is set as ro, later update will cause panic, so let's introduce f2fs_dev_is_readonly(), and check multi-devices rw status in f2fs_remount() w/ it in order to avoid such inconsistent mount status.

  mkfs.f2fs -c /dev/zram1 /dev/zram0 -f
  blockdev --setro /dev/zram1
  mount -t f2fs dev/zram0 /mnt/f2fs
  mount: /mnt/f2fs: WARNING: source write-protected, mounted read-only.
  mount -t f2fs -o remount,rw mnt/f2fs
  dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=8192

  kernel BUG at fs/f2fs/inline.c:258!
  RIP: 0010:f2fs_write_inline_data+0x23e/0x2d0 [f2fs]
  Call Trace:
   f2fs_write_single_data_page+0x26b/0x9f0 [f2fs]
   f2fs_write_cache_pages+0x389/0xa60 [f2fs]
   __f2fs_write_data_pages+0x26b/0x2d0 [f2fs]
   f2fs_write_data_pages+0x2e/0x40 [f2fs]
   do_writepages+0xd3/0x1b0
   __writeback_single_inode+0x5b/0x420
   writeback_sb_inodes+0x236/0x5a0
   __writeback_inodes_wb+0x56/0xf0
   wb_writeback+0x2a3/0x490
   wb_do_writeback+0x2b2/0x330
   wb_workfn+0x6a/0x260
   process_one_work+0x270/0x5e0
   worker_thread+0x52/0x3e0
   kthread+0xf4/0x120
   ret_from_fork+0x29/0x50

Meta Information
Published: 2025-12-30
Last Modified: 2025-12-30
Generated: 2026-05-07
AI Q&A: 2025-12-30
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux f2fs *
linux kernel *
linux linux_kernel *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel's f2fs filesystem occurs when mounting a multi-device image with the read-write option, but one of the secondary devices is set as read-only. The kernel did not correctly check the read-only condition for all devices, leading to an inconsistent mount status. This inconsistency can cause a kernel panic during later updates or writes to the filesystem. The fix involves introducing a function to check the read-only status of all devices and ensuring consistent read-write status during remount operations.


How can this vulnerability impact me?

If you mount a multi-device f2fs filesystem with one device set as read-only but attempt to remount it as read-write, this vulnerability can cause the Linux kernel to panic, leading to system crashes and potential data loss or corruption during write operations.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

You can detect this vulnerability by checking if a multi-device f2fs filesystem is mounted with inconsistent read-write and read-only device statuses. Commands to help detect this include:

1. Use 'mount' to check f2fs mounts and their options.
2. Use 'blockdev --getro /dev/<device>' to check if any device is set as read-only.
3. Attempt remounting with 'mount -t f2fs -o remount,rw /mnt/f2fs' and observe warnings or errors.

Example commands:

- mkfs.f2fs -c /dev/zram1 /dev/zram0 -f
- blockdev --setro /dev/zram1
- mount -t f2fs /dev/zram0 /mnt/f2fs
- mount -t f2fs -o remount,rw /mnt/f2fs

If the system panics or shows kernel BUG messages related to f2fs inline data writes, it indicates the vulnerability is present.
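The mount-option and read-only-flag checks above can be combined without remounting or writing to the filesystem. The script below is an added example, not code from the kernel patch or from this page; the member device names are supplied by the operator, and the function names, the INCONSISTENT message and the zram fixture are constructed for illustration.

```shell
#!/bin/sh
# Added example: report an f2fs mount that is rw while a member device is ro.
# Assumption: the operator passes the member device names; paths to the mounts
# table and sysfs root are parameters so constructed fixtures can be used.

# Exit 0 if the f2fs mount at MOUNTPOINT ($2) in MOUNTS_FILE ($1) has "rw".
mount_is_rw() {
    awk -v mp="$2" '$2 == mp && $3 == "f2fs" {
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) if (o[i] == "rw") found = 1
    } END { exit (found ? 0 : 1) }' "$1"
}

# Exit 0 if block device DEVNAME ($2) has its read-only flag set in sysfs ($1).
dev_is_ro() {
    [ "$(cat "$1/class/block/$2/ro" 2>/dev/null)" = "1" ]
}

# check_f2fs_mount MOUNTS_FILE SYSFS_ROOT MOUNTPOINT DEV...
# Returns 1 and prints a finding when the mount is rw and any DEV is ro.
check_f2fs_mount() {
    mounts=$1 sysfs=$2 mp=$3
    shift 3
    mount_is_rw "$mounts" "$mp" || return 0
    bad=""
    for d in "$@"; do
        if dev_is_ro "$sysfs" "$d"; then bad="$bad $d"; fi
    done
    [ -z "$bad" ] && return 0
    echo "INCONSISTENT: $mp is rw, read-only member(s):$bad"
    return 1
}

# Constructed fixture modelled on the page's case after the rw remount:
# zram0 is the writable primary, zram1 the write-protected secondary.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/sys/class/block/zram0" "$dir/sys/class/block/zram1"
    echo 0 > "$dir/sys/class/block/zram0/ro"
    echo 1 > "$dir/sys/class/block/zram1/ro"
    echo "/dev/zram0 /mnt/f2fs f2fs rw,relatime 0 0" > "$dir/mounts"
    echo "$dir"
}
```

On a live host the equivalent call is check_f2fs_mount /proc/mounts /sys /mnt/f2fs zram0 zram1, with the device names replaced by the members of the image being checked.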


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include ensuring that all devices in a multi-device f2fs mount are consistently set to read-write or read-only to avoid inconsistent mount status. Avoid remounting f2fs filesystems with mixed read-only and read-write devices. Applying the kernel patch that introduces the f2fs_dev_is_readonly() check in f2fs_remount() is necessary to prevent the panic caused by this issue.

