Bug 2420311 (CVE-2023-53838)

Summary: CVE-2023-53838 kernel: f2fs: synchronize atomic write aborts
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A race condition was found in the F2FS filesystem's atomic write abort handling in the Linux kernel. Concurrent atomic write abort operations lack proper synchronization, which can lead to inconsistent COW (copy-on-write) inode state and potential use-after-free or data corruption scenarios.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-12-09 02:02:00 UTC 
In the Linux kernel, the following vulnerability has been resolved:

f2fs: synchronize atomic write aborts

To fix a race condition between atomic write aborts, I use the inode
lock and make COW inode to be re-usable thoroughout the whole
atomic file inode lifetime.
Comment 1 Alexander B 2025-12-10 02:30:52 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025120956-CVE-2023-53838-4c32@gregkh/T