CVE-2026-23235

Description

In the Linux kernel, the following vulnerability has been resolved:f2fs: fix out-of-bounds access in sysfs attribute read/writeSome f2fs sysfs attributes suffer from out-of-bounds memory access andincorrect handling of integer values whose size is not 4 bytes.For example:vm:~# echo 65537 > /sys/fs/f2fs/vde/carve_outvm:~# cat /sys/fs/f2fs/vde/carve_out65537vm:~# echo 4294967297 > /sys/fs/f2fs/vde/atgc_age_thresholdvm:~# cat /sys/fs/f2fs/vde/atgc_age_threshold1carve_out maps to {struct f2fs_sb_info}->carve_out, which is a 8-bitinteger. However, the sysfs interface allows setting it to a valuelarger than 255, resulting in an out-of-range update.atgc_age_threshold maps to {struct atgc_management}->age_threshold,which is a 64-bit integer, but its sysfs interface cannot correctly setvalues larger than UINT_MAX.The root causes are:1. __sbi_store() treats all default values as unsigned int, whichprevents updating integers larger than 4 bytes and causes out-of-boundswrites for integers smaller than 4 bytes.2. f2fs_sbi_show() also assumes all default values are unsigned int,leading to out-of-bounds reads and incorrect access to integers largerthan 4 bytes.This patch introduces {struct f2fs_attr}->size to record the actual sizeof the integer associated with each sysfs attribute. With thisinformation, sysfs read and write operations can correctly access andupdate values according to their real data size, avoiding memorycorruption and truncation.

Risk Information

Base Score

7.1

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Score

Exploitation Probability

0.013

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234