High severity · 7.1 · NVD Advisory · Published May 17, 2024 · Updated Jun 1, 2026

CVE-2023-52682

Description

A race condition in the Linux kernel f2fs filesystem allows data corruption when handling compressed, non-encrypted inodes during garbage collection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Linux kernel f2fs filesystem contains a race condition in the f2fs_inplace_write_data path. Specifically, when an inode is compressed but not encrypted, the kernel fails to call f2fs_wait_on_block_writeback(). This omission allows the garbage collection (GC) thread to perform out-of-order writes while a page writeback is in progress, leading to potential data inconsistency [1].

Exploitation

An attacker requires local access to a system utilizing the f2fs filesystem with compression enabled. Exploitation involves triggering a race condition between the GC thread and a standard write operation on a compressed, non-encrypted file. By timing the f2fs_inplace_write_data operation to coincide with the GC thread's move_data_block execution, an attacker can cause the kernel to process overlapping IO requests, resulting in stale data overriding newer data [1].

Impact

Successful exploitation of this vulnerability leads to data corruption within the f2fs filesystem. This can result in the loss of data integrity for files stored on the affected partition, potentially impacting system stability or the reliability of stored information [1].

Mitigation

This issue was resolved in the Linux kernel by ensuring f2fs_wait_on_block_writeback() is called during the in-place update (IPU) write path for compressed inodes. Users should update to a patched kernel version, such as 6.8.10, 6.6.31, or later versions where this fix has been backported [1].

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

5
