CVE-2025-38627
Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

The decompress_io_ctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker processing post_read_wq has not been executed yet due to high workloads, it is possible that the inode (f2fs_inode_info) is evicted and freed before it is used in f2fs_free_dic. The UAF case is as below:

Thread A:
- f2fs_decompress_end_io
 - f2fs_put_dic
  - queue_work
    add free_dic work to post_read_wq

Thread B:
- do_unlink
 - iput
  - evict
   - call_rcu
This file is deleted after read.

Thread C (kworker to process post_read_wq):
- rcu_do_batch
 - f2fs_free_inode
  - kmem_cache_free
inode is freed by rcu
- process_scheduled_works
 - f2fs_late_free_dic
  - f2fs_free_dic
   - f2fs_release_decomp_mem
     read (dic->inode)->i_compress_algorithm

This patch stores compress_algorithm and sbi in dic to avoid the inode UAF.

In addition, the previous solution, deprecated in [1], may cause a system hang.

[1] https://lore.kernel.org/all/c36ab955-c8db-4a8b-a9d0-f07b5f426c3f@kernel.org
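The following is an added illustration of the bug class and of the fix pattern the description names (copying the fields the deferred work needs into the dic instead of keeping a pointer to the inode). It is not f2fs code: the structures are hypothetical, cut-down stand-ins with only the fields the fix touches, and "eviction" is mocked by overwriting the object with a slab-style poison byte so that the stale read in the vulnerable path is observable as a wrong value rather than as undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the kernel structures named in the CVE text;
 * only the two fields the fix copies into the dic are modelled. */
struct f2fs_sb_info { int id; };

struct f2fs_inode_info {
    uint8_t i_compress_algorithm;
    struct f2fs_sb_info *sbi;
};

/* Vulnerable shape: the deferred free work only holds a pointer to the inode,
 * whose lifetime is controlled elsewhere (unlink -> iput -> evict -> RCU free). */
struct dic_vuln {
    struct f2fs_inode_info *inode;
};

/* Fixed shape: the values needed at free time are copied into the dic itself
 * while the inode is still guaranteed alive. */
struct dic_fixed {
    struct f2fs_sb_info *sbi;
    uint8_t compress_algorithm;
};

/* Mock of slab free poisoning (constructed value for this demo). The memory is
 * overwritten, not released, so the stale read below is well-defined here. */
#define MOCK_FREE_POISON 0x6b

static void mock_inode_evict(struct f2fs_inode_info *inode)
{
    memset(inode, MOCK_FREE_POISON, sizeof(*inode));
}

/* Thread C, vulnerable version: f2fs_release_decomp_mem reads through
 * dic->inode after the inode has been freed. */
static uint8_t late_free_dic_vuln(const struct dic_vuln *dic)
{
    return dic->inode->i_compress_algorithm;
}

/* Thread C, fixed version: the algorithm comes from the dic's own copy,
 * so the inode is never touched from the deferred work. */
static uint8_t late_free_dic_fixed(const struct dic_fixed *dic)
{
    return dic->compress_algorithm;
}

/* Replays the interleaving from the description: dic set up on the read
 * path, inode evicted after unlink, then the deferred free runs. */
uint8_t run_vulnerable_sequence(void)
{
    struct f2fs_sb_info sbi = { .id = 1 };
    struct f2fs_inode_info inode = { .i_compress_algorithm = 2, .sbi = &sbi };
    struct dic_vuln dic = { .inode = &inode };   /* Thread A: queue_work */

    mock_inode_evict(&inode);                    /* Thread B: do_unlink -> evict -> RCU free */
    return late_free_dic_vuln(&dic);             /* Thread C: reads poisoned memory */
}

uint8_t run_fixed_sequence(void)
{
    struct f2fs_sb_info sbi = { .id = 1 };
    struct f2fs_inode_info inode = { .i_compress_algorithm = 2, .sbi = &sbi };
    struct dic_fixed dic = {                     /* snapshot taken while inode is alive */
        .sbi = inode.sbi,
        .compress_algorithm = inode.i_compress_algorithm,
    };

    mock_inode_evict(&inode);                    /* inode goes away exactly as before */
    return late_free_dic_fixed(&dic);            /* correct value, no inode dereference */
}

int main(void)
{
    printf("vulnerable path read algorithm 0x%02x (poison, not the real value)\n",
           run_vulnerable_sequence());
    printf("fixed path read algorithm %u\n", run_fixed_sequence());
    return 0;
}
```

The point to take from the two return values is not the poison byte itself but the lifetime rule it exposes: any work item that may run after the object it references has been released must either pin that object (hold a reference across the deferred call) or, as this patch does, carry its own copy of the data it needs.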
Risk Information
Associated Vulnerability
No records found
Patch Details
No records found
References