LiveActive security incident?Get immediate response
CVE Record

CVE-2023-54151: f2fs: Fix system crash due to lack of free space in LFS

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fix system crash due to lack of free space in LFS When f2fs tries to checkpoint during foreground gc in LFS mode, system crash occurs due to lack of free space if the amount of dirty node and dentry pages generated by data migration exceeds free space. The reproduction sequence is as follows. - 20GiB capacity block device (null_blk) - format and mount with LFS mode - create a file and write 20,000MiB - 4k random write on full range of the file RIP: 0010:new_curseg+0x48a/0x510 [f2fs] Code: 55 e7 f5 89 c0 48 0f af c3 48 8b 5d c0 48 c1 e8 20 83 c0 01 89 43 6c 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc <0f> 0b f0 41 80 4f 48 04 45 85 f6 0f 84 ba fd ff ff e9 ef fe ff ff RSP: 0018:ffff977bc397b218 EFLAGS: 00010246 RAX: 00000000000027b9 RBX: 0000000000000000 RCX: 00000000000027c0 RDX: 0000000000000000 RSI: 00000000000027b9 RDI: ffff8c25ab4e74f8 RBP: ffff977bc397b268 R08: 00000000000027b9 R09: ffff8c29e4a34b40 R10: 0000000000000001 R11: ffff977bc397b0d8 R12: 0000000000000000 R13: ffff8c25b4dd81a0 R14: 0000000000000000 R15: ffff8c2f667f9000 FS: 0000000000000000(0000) GS:ffff8c344ec80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00055d000 CR3: 0000000e30810003 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> allocate_segment_by_default+0x9c/0x110 [f2fs] f2fs_allocate_data_block+0x243/0xa30 [f2fs] ? __mod_lruvec_page_state+0xa0/0x150 do_write_page+0x80/0x160 [f2fs] f2fs_do_write_node_page+0x32/0x50 [f2fs] __write_node_page+0x339/0x730 [f2fs] f2fs_sync_node_pages+0x5a6/0x780 [f2fs] block_operations+0x257/0x340 [f2fs] f2fs_write_checkpoint+0x102/0x1050 [f2fs] f2fs_gc+0x27c/0x630 [f2fs] ? folio_mark_dirty+0x36/0x70 f2fs_balance_fs+0x16f/0x180 [f2fs] This patch adds checking whether free sections are enough before checkpoint during gc. [Jaegeuk Kim: code clean-up]

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2023-54151 is a Linux kernel f2fs availability flaw. Under specific f2fs LFS-mode, near-full-disk write conditions, the system can crash during filesystem garbage collection and checkpointing. This is operationally important for systems relying on f2fs-backed storage, but the sources do not show active exploitation.

Executive priority

Handle as a targeted availability risk. Patch affected Linux systems where f2fs LFS-mode storage is used for important workloads. Broader emergency response is not supported by the provided evidence because exploitation is unconfirmed and conditions are narrow.

Technical view

In f2fs LFS mode, foreground garbage collection can trigger checkpointing when dirty node and dentry pages created by data migration exceed remaining free space. The reported crash occurs in f2fs segment allocation paths. The fix adds a check that enough free sections exist before checkpointing during garbage collection.

Likely exposure

Exposure is most likely on Linux systems using f2fs mounted in LFS mode, especially with storage driven close to full capacity under heavy random-write workloads. Systems not using f2fs, or not using LFS mode, appear outside the described scenario.

Exploitation context

The source describes a local reproduction that fills a 20GiB f2fs LFS-mode block device and performs random writes. It does not identify remote exploitation, privilege escalation, data theft, or confirmed active exploitation. KEV status is false in the bundle.

Researcher notes

The record lists Linux kernel f2fs and references stable commits. Version data in the bundle is not fully explanatory, so validate against upstream commits and distribution backports. The public description supports denial-of-service through kernel crash, not confidentiality or integrity impact.

Mitigation direction

  • Upgrade to a kernel containing the referenced stable fixes or a vendor backport.
  • Prioritize systems mounting f2fs in LFS mode with heavy write workloads.
  • Avoid operating f2fs LFS volumes near full capacity until patched.
  • Monitor Linux distribution advisories for fixed kernel packages.
  • Treat recurring f2fs checkpoint crashes as a patching priority.

Validation and detection

  • Inventory Linux systems using f2fs and identify LFS-mode mounts.
  • Map running kernel builds to vendor fixed packages or referenced stable commits.
  • Review kernel crash logs for f2fs new_curseg or f2fs_write_checkpoint traces.
  • Check whether affected systems run near-full f2fs storage workloads.
  • Confirm remediation through vendor kernel version or commit provenance.
Prepared
Confidence
medium
Sources
5

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2023-54151 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
4Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxa9163b947ae8f7af7cb8d63606cd87b9facbfe74, a9163b947ae8f7af7cb8d63606cd87b9facbfe74, a9163b947ae8f7af7cb8d63606cd87b9facbfe74, ec769406d06d5006c40554c4640f6e584ab6ae26, 8102416c05bb08795b9278a8664f9be827fadbe2, 938166b2b3051d9965c36f9b5228966d4f198b2a, 5.10.137, 5.15.150, 5.18.18unaffected
LinuxLinux5.19, 0, 6.1.30, 6.3.4, 6.4affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.