CVE-2023-52848

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version that includes the fix for the f2fs reference count leak

Description The issue is related to a reference count leak in the f2fs component of the Linux kernel. During the f2fs put super() function, a sanity check is performed on the dirty and IO reference count of f2fs. If there is any reference count leak, it will trigger a panic. The root cause is that during f2fs put super(), if there is any IO error in f2fs wait on all pages(), the meta inode's page cache is not truncated later, resulting in a panic. This can be exploited to cause a denial of service.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the f2fs reference count leak. As a temporary workaround, consider disabling the f2fs put super() function until a patch is available. Restrict access to the f2fs component to minimize the risk of exploitation. Avoid using the f2fs filesystem until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.