CVE-2023-53537

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to the f2fs filesystem. A use-after-free issue can occur for cached IPU bio objects. Specifically, after an error condition is set, the f2fs submit merged ipu write() function attempts to flush IPU bio in the cache without validating the bio parameter. This can lead to submitting a bio object belonging to a different IO context, resulting in a use-after-free condition. The issue is triggered in the f2fs write single data page() function during the flushing of IPU bio objects. The root cause is a missing validity check of the bio parameter within f2fs submit merged ipu write().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.