CVE-2023-54068 (GCVE-0-2023-54068)
Vulnerability from cvelistv5 – Published: 2025-12-24 12:23 – Updated: 2025-12-24 12:23
Title
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
Summary
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
BUG_ON() will be triggered when writing files concurrently,
because the same page is written back multiple times.
    1597 void folio_end_writeback(struct folio *folio)
    1598 {
             ......
    1618         if (!__folio_end_writeback(folio))
    1619                 BUG();
             ......
    1625 }
kernel BUG at mm/filemap.c:1619!
Call Trace:
<TASK>
f2fs_write_end_io+0x1a0/0x370
blk_update_request+0x6c/0x410
blk_mq_end_request+0x15/0x130
blk_complete_reqs+0x3c/0x50
__do_softirq+0xb8/0x29b
? sort_range+0x20/0x20
run_ksoftirqd+0x19/0x20
smpboot_thread_fn+0x10b/0x1d0
kthread+0xde/0x110
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x22/0x30
</TASK>
Below is the concurrency scenario:
    [Process A]                       [Process B]                               [Process C]
    f2fs_write_raw_pages()
     - redirty_page_for_writepage()
     - unlock page()
                                      f2fs_do_write_data_page()
                                       - lock_page()
                                       - clear_page_dirty_for_io()
                                       - set_page_writeback() [1st writeback]
                                       .....
                                       - unlock page()

                                                                                generic_perform_write()
                                                                                 - f2fs_write_begin()
                                                                                 - wait_for_stable_page()

                                                                                 - f2fs_write_end()
                                                                                 - set_page_dirty()

     - lock_page()
     - f2fs_do_write_data_page()
     - set_page_writeback() [2nd writeback]
This problem was introduced by the previous commit 7377e853967b ("f2fs:
compress: fix potential deadlock of compress file"). All pagelocks were
released in f2fs_write_raw_pages(), but whether the page was
in the writeback state was ignored in the subsequent writing process.
Let's fix it by waiting for the page to writeback before writing.
Severity
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < a8226a45b2a9ce83ba7a167a387a00fecc319e71 (git) |
| Linux | Linux | Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < 169134da419cb8ffbe3b0743bc24573e16952ea9 (git) |
| Linux | Linux | Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < 6604df2a9d07ba8f8fb1ac14046c2c83776faa4f (git) |
| Linux | Linux | Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < 9940877c4fe752923a53f0f7372f2f152b6eccf0 (git) |
| Linux | Linux | Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < ad31eed06c3b4d63b2d38322a271d4009aee4bb3 (git) |
| Linux | Linux | Affected: 4c8ff7095bef64fc47e996a938f7d57f9e077da3 , < babedcbac164cec970872b8097401ca913a80e61 (git) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/compress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a8226a45b2a9ce83ba7a167a387a00fecc319e71",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "169134da419cb8ffbe3b0743bc24573e16952ea9",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "6604df2a9d07ba8f8fb1ac14046c2c83776faa4f",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "9940877c4fe752923a53f0f7372f2f152b6eccf0",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "ad31eed06c3b4d63b2d38322a271d4009aee4bb3",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
},
{
"lessThan": "babedcbac164cec970872b8097401ca913a80e61",
"status": "affected",
"version": "4c8ff7095bef64fc47e996a938f7d57f9e077da3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/compress.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.111",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.28",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.*",
"status": "unaffected",
"version": "6.2.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.*",
"status": "unaffected",
"version": "6.3.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.4",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.180",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.111",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.28",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.15",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.4",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()\n\nBUG_ON() will be triggered when writing files concurrently,\nbecause the same page is writtenback multiple times.\n\n1597 void folio_end_writeback(struct folio *folio)\n1598 {\n\t\t......\n1618 if (!__folio_end_writeback(folio))\n1619 BUG();\n\t\t......\n1625 }\n\nkernel BUG at mm/filemap.c:1619!\nCall Trace:\n \u003cTASK\u003e\n f2fs_write_end_io+0x1a0/0x370\n blk_update_request+0x6c/0x410\n blk_mq_end_request+0x15/0x130\n blk_complete_reqs+0x3c/0x50\n __do_softirq+0xb8/0x29b\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x19/0x20\n smpboot_thread_fn+0x10b/0x1d0\n kthread+0xde/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n \u003c/TASK\u003e\n\nBelow is the concurrency scenario:\n\n[Process A]\t\t[Process B]\t\t[Process C]\nf2fs_write_raw_pages()\n - redirty_page_for_writepage()\n - unlock page()\n\t\t\tf2fs_do_write_data_page()\n\t\t\t - lock_page()\n\t\t\t - clear_page_dirty_for_io()\n\t\t\t - set_page_writeback() [1st writeback]\n\t\t\t .....\n\t\t\t - unlock page()\n\n\t\t\t\t\t\tgeneric_perform_write()\n\t\t\t\t\t\t - f2fs_write_begin()\n\t\t\t\t\t\t - wait_for_stable_page()\n\n\t\t\t\t\t\t - f2fs_write_end()\n\t\t\t\t\t\t - set_page_dirty()\n\n - lock_page()\n - f2fs_do_write_data_page()\n - set_page_writeback() [2st writeback]\n\nThis problem was introduced by the previous commit 7377e853967b (\"f2fs:\ncompress: fix potential deadlock of compress file\"). All pagelocks were\nreleased in f2fs_write_raw_pages(), but whether the page was\nin the writeback state was ignored in the subsequent writing process.\nLet\u0027s fix it by waiting for the page to writeback before writing."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T12:23:12.818Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a8226a45b2a9ce83ba7a167a387a00fecc319e71"
},
{
"url": "https://git.kernel.org/stable/c/169134da419cb8ffbe3b0743bc24573e16952ea9"
},
{
"url": "https://git.kernel.org/stable/c/6604df2a9d07ba8f8fb1ac14046c2c83776faa4f"
},
{
"url": "https://git.kernel.org/stable/c/9940877c4fe752923a53f0f7372f2f152b6eccf0"
},
{
"url": "https://git.kernel.org/stable/c/ad31eed06c3b4d63b2d38322a271d4009aee4bb3"
},
{
"url": "https://git.kernel.org/stable/c/babedcbac164cec970872b8097401ca913a80e61"
}
],
"title": "f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-54068",
"datePublished": "2025-12-24T12:23:12.818Z",
"dateReserved": "2025-12-24T12:21:05.092Z",
"dateUpdated": "2025-12-24T12:23:12.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}