Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's F2FS file system, specifically within the 'f2fs_merge_page_bio' function. This vulnerability leads to a kernel NULL pointer dereference, causing a system panic. The issue arises from a race condition where a cached bio, containing references to data pages, is submitted for writing before the bio can be safely processed, allowing the referenced pages to be freed prematurely. The vulnerability affects Linux kernel versions prior to 6.12.30-android16-5.
Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced using two concurrent scripts. The first script writes data to a file on an F2FS file system and synchronizes the changes. The second script performs the same operation on the same file, creating a race condition that triggers the use-after-free vulnerability.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.