CVE-2026-23267

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains an issue in the F2FS filesystem related to an inconsistency in the IS CHECKPOINTED flag. This occurs due to concurrent atomic commit and checkpoint writes. Specifically, under certain conditions involving simultaneous operations from two threads (Thread A and Thread B), the IS CHECKPOINTED flag within a nat entry structure might not be correctly set. This can lead to a scenario where a dentry mark is set and a folio is written again unnecessarily after a checkpoint write has completed. The issue manifests during SPO (Shoot-Parity Optimization) tests and can result in a non-NULL blk addr in node info after a reboot. The problem is isolated to atomic write scenarios and does not affect regular file fsync operations where the folio is dirty. The root cause is related to the order of operations and the acquisition of sbi->node write during atomic file fsync. The vulnerability involves the following: - API Endpoints: f2fs ioc commit atomic write - Vulnerable Parameters or Variables: last folio, nat entry, node info, sbi (superblock information), ino (inode number) - Function Names: f2fs recover inode page, f2fs do sync file, f2fs fsync node pages, f2fs write checkpoint, f2fs flush nat entries, f2fs need dentry mark, write node folio, f2fs do write node page

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.