Linux Kernel F2FS Filesystem Use-After-Free Vulnerability in Decompression Handling

Vulnerability

A use-after-free vulnerability has been identified in the F2FS (Flash-Friendly File System) component of the Linux kernel. This issue arises during the handling of compressed data, specifically in the asynchronous release of the decompression context after I/O operations are completed. If a file is read and then deleted before the associated cleanup work is processed, the inode can be freed prematurely. This leads to a use-after-free scenario when the freed inode is accessed later in the decompression workflow.

Impact

Triggering this vulnerability causes the kernel to access an inode that has already been freed, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by reading a compressed file on F2FS and then deleting it immediately, before the post-read cleanup work for that read has run. The window is most likely to be hit under conditions of high system workload, when the cleanup work is delayed.
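
The ordering described above, as a constructed user-space C model added here; it is not kernel code and not the upstream fix. All names (inode_model, dic_model, queue_release, release_worker, simulate) are hypothetical, and pinning the inode while cleanup is pending is shown as a general lifetime pattern, assumed rather than taken from the patch.

```c
/* Constructed user-space model of the lifetime bug; all names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct inode_model { int refs; bool freed; };
struct dic_model   { struct inode_model *inode; bool pinned; };

/* Drop one reference; the last put frees the inode. */
static void inode_put(struct inode_model *ino)
{
    if (--ino->refs == 0)
        ino->freed = true;   /* flag instead of free(): observable, no UB */
}

/* I/O completion: defer cleanup, optionally pinning the inode until it runs. */
static void queue_release(struct dic_model *dic, bool pin)
{
    dic->pinned = pin;
    if (pin)
        dic->inode->refs++;
}

/* Deferred cleanup: returns 1 if it touched an already-freed inode. */
static int release_worker(struct dic_model *dic)
{
    int stale = dic->inode->freed ? 1 : 0;
    if (dic->pinned)
        inode_put(dic->inode);
    return stale;
}

/* Returns 1 if the cleanup work used a freed inode, 0 otherwise. */
int simulate(bool pin, bool delete_before_worker)
{
    struct inode_model ino = { .refs = 1, .freed = false };
    struct dic_model dic = { .inode = &ino, .pinned = false };
    int stale;
    queue_release(&dic, pin);          /* read I/O completes */
    if (delete_before_worker)
        inode_put(&ino);               /* file deleted: last reference dropped */
    stale = release_worker(&dic);      /* post-read cleanup finally runs */
    if (!delete_before_worker)
        inode_put(&ino);               /* deletion after cleanup is harmless */
    return stale;
}

int main(void)
{
    printf("unpinned=%d pinned=%d in-order=%d\n",
           simulate(false, true), simulate(true, true), simulate(false, false));
    return 0;
}
```

Only the unpinned context combined with deletion before the worker runs reports a stale access, which is why the issue depends on the cleanup work being delayed.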

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading can be found in the official Linux kernel documentation.

Added: Aug 22, 2025, 5:21 PM
Updated: Aug 22, 2025, 5:21 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.