CVE-2026-31702

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the f2fs compress write end io() function. The dec page count(sbi, type) function can reduce the F2FS WB CP DATA counter to zero, which may unblock f2fs wait on all pages() within f2fs put super() on a concurrent unmount CPU. This allows the unmount process to execute f2fs destroy page array cache(sbi), destroying the sbi->page array slab via kmem cache destroy() and eventually freeing sbi via kfree(sbi). If the bio completion callback is still executing, it may dereference the destroyed sbi->page array slab when calling page array free(sbi, ...), leading to a use-after-free condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.