CVE-2023-53301
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix kernel crash due to null io->bio

We should return when io->bio is null before doing anything. Otherwise, panic.

BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:__submit_merged_write_cond+0x164/0x240 [f2fs]
Call Trace:
 <TASK>
 f2fs_submit_merged_write+0x1d/0x30 [f2fs]
 commit_checkpoint+0x110/0x1e0 [f2fs]
 f2fs_write_checkpoint+0x9f7/0xf00 [f2fs]
 ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
 __checkpoint_and_complete_reqs+0x84/0x190 [f2fs]
 ? preempt_count_add+0x82/0xc0
 ? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
 issue_checkpoint_thread+0x4c/0xf0 [f2fs]
 ? __pfx_autoremove_wake_function+0x10/0x10
 kthread+0xff/0x130
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2c/0x50
 </TASK>
Analysis
A null pointer dereference vulnerability exists in the Linux kernel's F2FS (Flash-Friendly File System) implementation that can cause a kernel panic and system crash. The vulnerability occurs in the __submit_merged_write_cond function when the io->bio field is null during checkpoint operations, allowing a local authenticated attacker to trigger a denial of service condition. With an EPSS score of 0.01% (2nd percentile), exploitation probability is currently very low in the wild, and patches are available from the vendor.
Technical Context
The vulnerability affects the Linux kernel's F2FS file system, specifically its write submission and checkpoint mechanism. F2FS is a log-structured file system designed for flash storage devices. The affected code path involves the __submit_merged_write_cond, f2fs_submit_merged_write, and commit_checkpoint functions, where a missing null check on the io->bio pointer leads to a kernel NULL pointer dereference at address 0x0000000000000010. This is a classic null pointer dereference: kernel code accesses memory through a pointer without first checking that it is non-null. The vulnerability manifests during checkpoint operations, when issue_checkpoint_thread attempts to flush merged writes to storage.
Affected Products
The Linux kernel is affected by this vulnerability, specifically versions containing the vulnerable F2FS file system code prior to the patch commits. According to CPE data, the affected product is identified as cpe:2.3:o:linux:linux_kernel. The vulnerability was introduced in the F2FS implementation and affects Linux kernel versions that include the checkpoint thread functionality. Specific version ranges are not explicitly documented in the available data, but the three patch commits (267c159f9c7b, 83dbb9a1bd5e, and eb52f13c6093) available at git.kernel.org indicate the fix has been backported to multiple stable kernel branches. Organizations running Linux systems with F2FS file system support should verify their kernel version against the patched commits.
Remediation
Update the Linux kernel to a version containing one of the three patch commits that address this vulnerability: 267c159f9c7bcb7009dae16889b880c5ed8759a8, 83dbb9a1bd5ef2eea73275906fc50b2fdda39cd5, or eb52f13c6093ac761dbeaa459c810fc0253209fc, available from the official Linux kernel stable git repository at git.kernel.org. The patches add proper null pointer validation to check if io->bio is null before attempting to access it in the __submit_merged_write_cond function. System administrators should apply the latest stable kernel updates from their Linux distribution, as most distributions backport security fixes to their supported kernel versions. Until patching is complete, organizations highly dependent on system availability may consider limiting local user access to systems using F2FS file systems or monitoring for unexpected kernel panics related to F2FS checkpoint operations, though these workarounds provide limited protection given the local authenticated access requirement.
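The dereference described under Technical Context and the early return the patches add, as a simplified C model written for this page (not the kernel's f2fs or block-layer code; the struct layouts, flag values and function names are assumptions). It also shows where the 0x10 in the oops address comes from: with two pointers ahead of the flags word, the first member touched through a NULL struct bio sits at offset 16.

```c
#include <stddef.h>

/* Assumed, simplified layouts (not the real block-layer/f2fs definitions). */
struct bio {
    struct bio *bi_next;    /* offset 0 */
    void *bi_bdev;          /* offset 8 */
    unsigned int bi_opf;    /* offset 16 == 0x10, the address in the oops */
};
struct f2fs_bio_info {
    struct bio *bio;        /* NULL when no write is pending */
};
#define REQ_PREFLUSH (1u << 0)  /* placeholder flag values */
#define REQ_FUA      (1u << 1)

/* Vulnerable pattern: io->bio is dereferenced unconditionally.  With
 * io->bio == NULL this touches address 0x10 and, in the kernel, oopses. */
void submit_merged_write_unchecked(struct f2fs_bio_info *io)
{
    io->bio->bi_opf |= REQ_PREFLUSH | REQ_FUA;
}

/* Fixed pattern: return before doing anything when no bio is pending.
 * Returns 1 if a bio was flagged for submission, 0 if there was none. */
int submit_merged_write_checked(struct f2fs_bio_info *io)
{
    if (!io->bio)
        return 0;
    io->bio->bi_opf |= REQ_PREFLUSH | REQ_FUA;
    return 1;
}

/* Offset of the first member touched inside a NULL struct bio: the
 * faulting address an oops reports for this kind of bug. */
size_t faulting_offset(void)
{
    return offsetof(struct bio, bi_opf);
}

/* Runs the fixed path with no pending bio, then with one; returns the flags
 * left on the bio (REQ_PREFLUSH | REQ_FUA == 3), or 0 if a call misbehaved. */
unsigned int demo_fixed_path(void)
{
    struct bio b = {0};
    struct f2fs_bio_info io = { .bio = NULL };
    if (submit_merged_write_checked(&io) != 0)
        return 0;
    io.bio = &b;
    return submit_merged_write_checked(&io) == 1 ? b.bi_opf : 0;
}
```

The unchecked function is never called with a NULL bio here; it exists only to show the pattern the fix removes.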