ghsa-x74x-w5qg-98qh
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid potential memory corruption in __update_iostat_latency()
Add iotype sanity check to avoid potential memory corruption. This is to fix the compile error below:
fs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow 'io_lat->peak_lat[type]' 3 <= 3
vim +228 fs/f2fs/iostat.c
211 static inline void __update_iostat_latency(struct bio_iostat_ctx iostat_ctx, 212 enum iostat_lat_type type) 213 { 214 unsigned long ts_diff; 215 unsigned int page_type = iostat_ctx->type; 216 struct f2fs_sb_info sbi = iostat_ctx->sbi; 217 struct iostat_lat_info *io_lat = sbi->iostat_io_lat; 218 unsigned long flags; 219 220 if (!sbi->iostat_enable) 221 return; 222 223 ts_diff = jiffies - iostat_ctx->submit_ts; 224 if (page_type >= META_FLUSH) ^^^^^^^^^^
225 page_type = META; 226 227 spin_lock_irqsave(&sbi->iostat_lat_lock, flags); @228 io_lat->sum_lat[type][page_type] += ts_diff; ^^^^^^^^^ Mixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.
{
"affected": [],
"aliases": [
"CVE-2023-53214"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-15T15:15:48Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential memory corruption in __update_iostat_latency()\n\nAdd iotype sanity check to avoid potential memory corruption.\nThis is to fix the compile error below:\n\nfs/f2fs/iostat.c:231 __update_iostat_latency() error: buffer overflow\n\u0027io_lat-\u003epeak_lat[type]\u0027 3 \u003c= 3\n\nvim +228 fs/f2fs/iostat.c\n\n 211 static inline void __update_iostat_latency(struct bio_iostat_ctx\n\t*iostat_ctx,\n 212\t\t\t\t\tenum iostat_lat_type type)\n 213 {\n 214\t\tunsigned long ts_diff;\n 215\t\tunsigned int page_type = iostat_ctx-\u003etype;\n 216\t\tstruct f2fs_sb_info *sbi = iostat_ctx-\u003esbi;\n 217\t\tstruct iostat_lat_info *io_lat = sbi-\u003eiostat_io_lat;\n 218\t\tunsigned long flags;\n 219\n 220\t\tif (!sbi-\u003eiostat_enable)\n 221\t\t\treturn;\n 222\n 223\t\tts_diff = jiffies - iostat_ctx-\u003esubmit_ts;\n 224\t\tif (page_type \u003e= META_FLUSH)\n ^^^^^^^^^^\n\n 225\t\t\tpage_type = META;\n 226\n 227\t\tspin_lock_irqsave(\u0026sbi-\u003eiostat_lat_lock, flags);\n @228\t\tio_lat-\u003esum_lat[type][page_type] += ts_diff;\n ^^^^^^^^^\nMixup between META_FLUSH and NR_PAGE_TYPE leads to memory corruption.",
"id": "GHSA-x74x-w5qg-98qh",
"modified": "2025-09-15T15:31:28Z",
"published": "2025-09-15T15:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53214"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0dbbf0fb38d5ec5d4138d1aeaeb43d9217b9a592"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/20b4f3de0f3932f71b4a8daf0671e517a8d98022"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/22ddbbff116ee7dce5431feb1c0f36a507d2d68d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa4d726af72a21732ce120484e0b1240674a13b3"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.