CVE-2026-23234

CWE-416: Use After Free
8 documents, 8 sources
Severity: 7.8 HIGH
EPSS: 0.0% (top 96.14%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 4
Latest update: Mar 10

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid UAF in f2fs_write_end_io()

As syzbot reported a use-after-free issue in f2fs_write_end_io().

It is caused by the below race condition:

loop device:
- worker_thread
- loop_process_work
- do_req_filebacked
- lo_rw_aio
- lo_rw_aio_complete
- blk_mq_end_request
- blk_update_request
- f2fs_write_end_io
- dec_page_count
- folio_end_writeback

umount:
- kill_f2fs_super
- kill_block_super
- f2fs_put_super
: free(sbi)

:

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel 3.13 5.10.251 +6
CVEListV5: linux/linux e234088758fca3a669ebb1a02d8bf7bf60f0e4ff 0fb58aff0dafd6837cc91f4154f3ed6e020358fa +8
Debian: linux < 5.10.251-1 +3
Debian: linux-6.1 < 6.1.164-1~deb11u1

Patches

🔴 Vulnerability Details (3)

CVEList: f2fs: fix to avoid UAF in f2fs_write_end_io() (2026-03-04)
GHSA: GHSA-chrj-6658-798c: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As syzbot reported a use-after-fr (2026-03-04)
OSV: CVE-2026-23234: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As syzbot reported a use-after-free (2026-03-04)

📋 Vendor Advisories (3)

Microsoft: f2fs: fix to avoid UAF in f2fs_write_end_io() (2026-03-10)
Red Hat: kernel: f2fs: fix to avoid UAF in f2fs_write_end_io() (2026-03-04)
Debian: CVE-2026-23234: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23234 Impact, Exploitability, and Mitigation Steps | Wiz