Linux Kernel F2FS Filesystem Use-After-Free Vulnerability in Write I/O Handling

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's F2FS (Flash-Friendly File System) implementation. This issue arises in the write I/O completion function, where the filesystem's internal page count is decremented after a pointer to the node inode is set to NULL. This sequence creates a race condition that can be exploited, leading to a NULL pointer dereference and a subsequent system panic. The vulnerability has been reported by the syzbot automated testing tool and is present in the stable version of the Linux kernel.

Impact

Exploitation of this vulnerability causes a system panic due to a NULL pointer dereference, which can lead to a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by triggering a write I/O operation in the F2FS filesystem, followed by unmounting the filesystem. This sequence of actions will cause the write callback to attempt to access a now-NULL node inode, leading to a panic.
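
The ordering problem described above, as a deterministic user-space C model added here for illustration; it is not kernel code and not the upstream fix. It assumes unmount clears the node inode pointer once the in-flight page count reaches zero, and every struct and function name in it is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; these are not kernel identifiers. */
struct model_inode { int id; };
struct model_sb {
    int inflight_pages;              /* writes still awaiting completion */
    struct model_inode *node_inode;  /* cleared by unmount */
};

/* Assumed teardown rule: unmount proceeds once no writes are in flight. */
static void unmount_try(struct model_sb *sb)
{
    if (sb->inflight_pages == 0)
        sb->node_inode = NULL;
}

/* Racy order: drop the count, then touch the node inode. Returns 0 when
 * the callback finds NULL (where the kernel would panic), 1 otherwise. */
static int end_io_racy(struct model_sb *sb)
{
    sb->inflight_pages--;
    unmount_try(sb);                 /* unmount interleaves here */
    return sb->node_inode != NULL;
}

/* Safe order in this model: finish node inode access, then drop the count. */
static int end_io_ordered(struct model_sb *sb)
{
    int ok = sb->node_inode != NULL; /* last use of the pointer */
    sb->inflight_pages--;
    unmount_try(sb);                 /* same interleaving, now harmless */
    return ok;
}

/* Complete one write against a fresh model with `inflight` pending writes. */
static int run_case(int (*end_io)(struct model_sb *), int inflight)
{
    struct model_inode ino = { 1 };
    struct model_sb sb = { inflight, &ino };
    return end_io(&sb);
}

int main(void)
{
    printf("racy, last write:    %d\n", run_case(end_io_racy, 1));
    printf("racy, not last:      %d\n", run_case(end_io_racy, 2));
    printf("ordered, last write: %d\n", run_case(end_io_ordered, 1));
    return 0;
}
```

Only the completion that drops the count to zero hits the window, which is why the crash depends on timing between the final write completion and unmount.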

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.

Added: May 1, 2026, 2:26 PM
Updated: May 1, 2026, 2:26 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.