PT-2024-14734 · Linux+2 · Linux Kernel+2
Syzbot · Published 2023-09-12 · Updated 2026-03-13 · CVE-2023-52770
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.5.12/6.6.2
Description
A vulnerability in the Linux kernel's f2fs component can cause a null pointer dereference, leading to a panic. This issue occurs when a file with a compressed flag is created, compression is disabled, and the extent cache is updated. The vulnerability can be triggered by calling creat(), ioctl(F2FS_IOC_SET_PIN_FILE), and fallocate(2097152 * N) in sequence. Technical details include a null pointer dereference in instrument_atomic_read_write, atomic_try_cmpxchg_acquire, queued_write_lock, __raw_write_lock, and _raw_write_lock.
Recommendations
To resolve this issue, upgrade the Linux kernel to version 6.5.12/6.6.2 or later. As a temporary workaround, consider disabling the f2fs component or restricting its use until a patch is available. Avoid using the fallocate function with large values, as this can trigger the vulnerability. Additionally, be cautious when creating files with compressed flags and subsequently disabling compression.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Debian
Linux Kernel