CVE-2023-2898

2023-05-2600:00:00

ubuntu.com

f2fs

linux kernel

denial of service

local privileged user

file system image

null pointer dereference

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

There is a null-pointer-dereference flaw found in f2fs_write_end_io in
fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged
user to cause a denial of service problem.

Bugs

Notes

Author	Note
	Priority reason: Requires a specially constructed f2fs file system image to be mounted to exploit.
sbeattie	proposed patch is “f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()”

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlinux< 5.15.0-83.92UNKNOWN
ubuntu23.04noarchlinux< 6.2.0-32.32UNKNOWN
ubuntu23.10noarchlinux< anyUNKNOWN
ubuntu24.04noarchlinux< anyUNKNOWN
ubuntu22.04noarchlinux-aws< 5.15.0-1044.49UNKNOWN
ubuntu23.04noarchlinux-aws< 6.2.0-1011.11UNKNOWN
ubuntu23.10noarchlinux-aws< anyUNKNOWN
ubuntu24.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-aws-5.15< 5.15.0-1044.49~20.04.1UNKNOWN
ubuntu22.04noarchlinux-aws-6.2< 6.2.0-1011.11~22.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	linux	< 5.15.0-83.92	UNKNOWN
ubuntu	23.04	noarch	linux	< 6.2.0-32.32	UNKNOWN
ubuntu	23.10	noarch	linux	< any	UNKNOWN
ubuntu	24.04	noarch	linux	< any	UNKNOWN
ubuntu	22.04	noarch	linux-aws	< 5.15.0-1044.49	UNKNOWN
ubuntu	23.04	noarch	linux-aws	< 6.2.0-1011.11	UNKNOWN
ubuntu	23.10	noarch	linux-aws	< any	UNKNOWN
ubuntu	24.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.15	< 5.15.0-1044.49~20.04.1	UNKNOWN
ubuntu	22.04	noarch	linux-aws-6.2	< 6.2.0-1011.11~22.04.1	UNKNOWN