Linux Kernel F2FS Filesystem Use-After-Free Vulnerability in Inode Management

A use-after-free vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation, specifically in versions 6.1.129 and prior. This vulnerability arises during the eviction of inodes, where a corrupted inode can lead to a failure in updating inode metadata. As a result, the system misses clearing the dirty status of the inode, which can cause a kernel panic. The issue was reported by syzbot and is related to the handling of directory entries and inode synchronization.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by unlinking files in a directory managed by F2FS, while the filesystem check feature is enabled. This process triggers a panic due to the mishandling of inode metadata, as the corrupted inode cannot be properly loaded, leading to a missed synchronization step that clears the inode's dirty status.

Remediation

Users can upgrade to Linux kernel versions 6.16-rc4 or later, where this vulnerability has been fixed.