PT-2026-22921 · F2Fs+1 · F2Fs+1

Published: 2026-03-04 · Updated: 2026-04-20 · CVE-2026-23235

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes. Specifically, certain f2fs sysfs attributes, such as carve_out and atgc_age_threshold, are susceptible to this issue. The carve_out attribute, mapped to struct f2fs_sb_info->carve_out, is an 8-bit integer but can be set to values exceeding 255 through the sysfs interface. The atgc_age_threshold attribute, mapped to struct atgc_management->age_threshold, is a 64-bit integer, but the sysfs interface cannot correctly handle values larger than UINT_MAX. The root causes are related to the __sbi_store() and f2fs_sbi_show() functions, which incorrectly treat all default values as unsigned integers, leading to out-of-bounds writes and reads.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
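
The width mismatch described above, as a user-space model added here for illustration; it is not kernel code and not the upstream fix. The struct layout, all type and function names, and the test values are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model, not the kernel's structs: a u8 field with neighbours. */
struct sbi_model {
    uint8_t  carve_out;      /* 8-bit attribute */
    uint8_t  neighbor[3];    /* unrelated adjacent state */
    uint64_t age_threshold;  /* 64-bit attribute */
};
struct attr_model { size_t offset, size; };  /* field position and width in bytes */

static const struct attr_model ATTR_CARVE_OUT = { offsetof(struct sbi_model, carve_out), 1 };
static const struct attr_model ATTR_AGE = { offsetof(struct sbi_model, age_threshold), 8 };

/* Flawed pattern: every field is written as a 4-byte unsigned int. */
static int store_as_uint(struct sbi_model *s, const struct attr_model *a, uint64_t v)
{
    unsigned int t = (unsigned int)v;                       /* drops bits above UINT_MAX */
    memcpy((unsigned char *)s + a->offset, &t, sizeof(t));  /* 4 bytes even for a u8 */
    return 0;
}

/* Flawed pattern: every field is read back as a 4-byte unsigned int. */
static uint64_t show_as_uint(const struct sbi_model *s, const struct attr_model *a)
{
    unsigned int t;
    memcpy(&t, (const unsigned char *)s + a->offset, sizeof(t));
    return t;  /* for a u8 field this includes three adjacent bytes */
}

/* Size-aware store: range-check against the field width, write exactly that width. */
static int store_sized(struct sbi_model *s, const struct attr_model *a, uint64_t v)
{
    unsigned char *p = (unsigned char *)s + a->offset;
    uint8_t v8 = (uint8_t)v;

    if (a->size == sizeof(v8)) {
        if (v > UINT8_MAX)
            return -EINVAL;   /* e.g. 256 for an 8-bit field */
        memcpy(p, &v8, sizeof(v8));
    } else if (a->size == sizeof(v)) {
        memcpy(p, &v, sizeof(v));
    } else {
        return -EINVAL;       /* width this model does not handle */
    }
    return 0;
}
```

The model keeps the 4-byte accesses inside one struct so the behaviour stays defined; in the kernel the same pattern touches whatever happens to sit next to the real field.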

Exploit

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-23235
ECHO-301D-890F-D77C
OPENSUSE-SU-2026:10387-1

Affected Products

Linux Kernel
F2Fs