Volerion logoVolerion
Volerion logoVolerion

Linux Kernel F2FS Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) has been identified, where the system improperly accesses data nodes, leading to out-of-bounds memory access. This issue arises when a data node shares the same ID as its corresponding inode, causing the file system to misinterpret the node type and access memory incorrectly. The vulnerability has been addressed by implementing a sanity check for node IDs in direct nodes during data node retrieval.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by creating a corrupted F2FS image where a data node shares the same node ID as its inode. When the file system processes this node, it will incorrectly access memory, leading to an out-of-bounds read or write.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Aug 30, 2025, 10:21 AM
Updated: Aug 30, 2025, 10:21 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
2.5
exploitability
5.7
remediation
7.7
relevance
0.4
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.