CVE-2023-54182
Description
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to check readonly condition correctly
With below case, it can mount multi-device image w/ rw option, however one of secondary device is set as ro, later update will cause panic, so let's introduce f2fs_dev_is_readonly(), and check multi-devices rw status in f2fs_remount() w/ it in order to avoid such inconsistent mount status.
mkfs.f2fs -c /dev/zram1 /dev/zram0 -f blockdev --setro /dev/zram1 mount -t f2fs dev/zram0 /mnt/f2fs mount: /mnt/f2fs: WARNING: source write-protected, mounted read-only. mount -t f2fs -o remount,rw mnt/f2fs dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=8192
kernel BUG at fs/f2fs/inline.c:258! RIP: 0010:f2fs_write_inline_data+0x23e/0x2d0 [f2fs] Call Trace: f2fs_write_single_data_page+0x26b/0x9f0 [f2fs] f2fs_write_cache_pages+0x389/0xa60 [f2fs] __f2fs_write_data_pages+0x26b/0x2d0 [f2fs] f2fs_write_data_pages+0x2e/0x40 [f2fs] do_writepages+0xd3/0x1b0 __writeback_single_inode+0x5b/0x420 writeback_sb_inodes+0x236/0x5a0 __writeback_inodes_wb+0x56/0xf0 wb_writeback+0x2a3/0x490 wb_do_writeback+0x2b2/0x330 wb_workfn+0x6a/0x260 process_one_work+0x270/0x5e0 worker_thread+0x52/0x3e0 kthread+0xf4/0x120 ret_from_fork+0x29/0x50
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel f2fs bug allows mounting a multi-device filesystem with inconsistent read-only status, leading to a kernel panic on write.
Vulnerability
Description
In the Linux kernel's f2fs (Flash-Friendly File System) implementation, a flaw exists in the mount and remount logic when handling multi-device configurations. The vulnerability arises because the kernel does not correctly verify the read-only status of all secondary devices before allowing a read-write mount or remount operation. Specifically, when a secondary device is set to read-only (read-only) via blockdev --setro, the filesystem can still be mounted as read-write, leading to an inconsistent state [1].
Exploitation
An attacker with local access can exploit this by first creating a multi-device f2fs filesystem where one device is marked read-only. Then, they can mount the filesystem with a read-write option, bypassing the intended protection. A subsequent write operation, such as dd if=/dev/zero of=/mnt/f2fs/file, triggers a kernel BUG at fs/f2fs/inline.c:258 in the f2fs_write_inline_data function, causing a kernel panic [1]. The attack requires the ability to create and mount filesystems, which typically needs root privileges, but the impact is a denial of service (system crash).
Impact
Successful exploitation results in a kernel panic, leading to a denial of service (DoS) for the entire system. The vulnerability does not provide code execution or privilege escalation, but it can be used to crash a system reliably. The issue is present in the Linux kernel's f2fs subsystem and affects systems using multi-device f2fs configurations.
Mitigation
The fix introduces a new helper function f2fs_dev_is_readonly() and modifies f2fs_remount() to check the read-only status of all devices before allowing a remount to read-write. The patch has been applied to the stable kernel tree [1]. Users should update their kernel to a version containing this fix. There is no known workaround other than avoiding multi-device f2fs mounts with mixed read-only/read-write devices.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
4e2759a59a4cce05d63f8b48ada8c535b2869d78dfefcde9dVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.