CVE-2023-54151: f2fs: Fix system crash due to lack of free space in LFS
In the Linux kernel, the following vulnerability has been resolved:
f2fs: Fix system crash due to lack of free space in LFS
When f2fs tries to checkpoint during foreground gc in LFS mode, system
crash occurs due to lack of free space if the amount of dirty node and
dentry pages generated by data migration exceeds free space.
The reproduction sequence is as follows.
- 20GiB capacity block device (null_blk)
- format and mount with LFS mode
- create a file and write 20,000MiB
- 4k random write on full range of the file
RIP: 0010:new_curseg+0x48a/0x510 [f2fs]
Code: 55 e7 f5 89 c0 48 0f af c3 48 8b 5d c0 48 c1 e8 20 83 c0 01 89 43 6c 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc <0f> 0b f0 41 80 4f 48 04 45 85 f6 0f 84 ba fd ff ff e9 ef fe ff ff
RSP: 0018:ffff977bc397b218 EFLAGS: 00010246
RAX: 00000000000027b9 RBX: 0000000000000000 RCX: 00000000000027c0
RDX: 0000000000000000 RSI: 00000000000027b9 RDI: ffff8c25ab4e74f8
RBP: ffff977bc397b268 R08: 00000000000027b9 R09: ffff8c29e4a34b40
R10: 0000000000000001 R11: ffff977bc397b0d8 R12: 0000000000000000
R13: ffff8c25b4dd81a0 R14: 0000000000000000 R15: ffff8c2f667f9000
FS: 0000000000000000(0000) GS:ffff8c344ec80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00055d000 CR3: 0000000e30810003 CR4: 00000000003706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
allocate_segment_by_default+0x9c/0x110 [f2fs]
f2fs_allocate_data_block+0x243/0xa30 [f2fs]
? __mod_lruvec_page_state+0xa0/0x150
do_write_page+0x80/0x160 [f2fs]
f2fs_do_write_node_page+0x32/0x50 [f2fs]
__write_node_page+0x339/0x730 [f2fs]
f2fs_sync_node_pages+0x5a6/0x780 [f2fs]
block_operations+0x257/0x340 [f2fs]
f2fs_write_checkpoint+0x102/0x1050 [f2fs]
f2fs_gc+0x27c/0x630 [f2fs]
? folio_mark_dirty+0x36/0x70
f2fs_balance_fs+0x16f/0x180 [f2fs]
This patch adds checking whether free sections are enough before checkpoint
during gc.
[Jaegeuk Kim: code clean-up]
Security readout for executives and security teams
Plain-English summary
CVE-2023-54151 is a Linux kernel f2fs availability flaw. Under specific f2fs LFS-mode, near-full-disk write conditions, the system can crash during filesystem garbage collection and checkpointing. This is operationally important for systems relying on f2fs-backed storage, but the sources do not show active exploitation.
Executive priority
Handle as a targeted availability risk. Patch affected Linux systems where f2fs LFS-mode storage is used for important workloads. Broader emergency response is not supported by the provided evidence because exploitation is unconfirmed and conditions are narrow.
Technical view
In f2fs LFS mode, foreground garbage collection can trigger checkpointing when dirty node and dentry pages created by data migration exceed remaining free space. The reported crash occurs in f2fs segment allocation paths. The fix adds a check that enough free sections exist before checkpointing during garbage collection.
Likely exposure
Exposure is most likely on Linux systems using f2fs mounted in LFS mode, especially with storage driven close to full capacity under heavy random-write workloads. Systems not using f2fs, or not using LFS mode, appear outside the described scenario.
Exploitation context
The source describes a local reproduction that fills a 20GiB f2fs LFS-mode block device and performs random writes. It does not identify remote exploitation, privilege escalation, data theft, or confirmed active exploitation. KEV status is false in the bundle.
Researcher notes
The record lists Linux kernel f2fs and references stable commits. Version data in the bundle is not fully explanatory, so validate against upstream commits and distribution backports. The public description supports denial-of-service through kernel crash, not confidentiality or integrity impact.
Mitigation direction
Upgrade to a kernel containing the referenced stable fixes or a vendor backport.
Prioritize systems mounting f2fs in LFS mode with heavy write workloads.
Avoid operating f2fs LFS volumes near full capacity until patched.
Monitor Linux distribution advisories for fixed kernel packages.
Treat recurring f2fs checkpoint crashes as a patching priority.
Validation and detection
Inventory Linux systems using f2fs and identify LFS-mode mounts.
Map running kernel builds to vendor fixed packages or referenced stable commits.
Review kernel crash logs for f2fs new_curseg or f2fs_write_checkpoint traces.
Check whether affected systems run near-full f2fs storage workloads.
Confirm remediation through vendor kernel version or commit provenance.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2023-54151 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 24, 2025, 13:07 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.