LiveActive security incident?Get immediate response
CVE Record

CVE-2024-53221: f2fs: fix null-ptr-deref in f2fs_submit_page_bio()

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_submit_page_bio() There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Call Trace: <TASK> f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] validate_checkpoint+0xac/0x290 [f2fs] f2fs_get_valid_checkpoint+0x207/0x950 [f2fs] f2fs_fill_super+0x1007/0x39b0 [f2fs] mount_bdev+0x183/0x250 legacy_get_tree+0xf4/0x1e0 vfs_get_tree+0x88/0x340 do_new_mount+0x283/0x5e0 path_mount+0x2b2/0x15b0 __x64_sys_mount+0x1fe/0x270 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Above issue happens as the biset of the f2fs file system is not initialized before register "f2fs_fs_type". To address above issue just register "f2fs_fs_type" at the last in init_f2fs_fs(). Ensure that all f2fs file system resources are initialized.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-53221 is a Linux kernel f2fs bug that can trigger a null pointer dereference during a race between loading the f2fs module and mounting an f2fs filesystem. The practical concern is system instability or denial of service on systems where f2fs is present and mount operations are possible.

Executive priority

Treat this as a stability and local denial-of-service risk, not a confirmed remote compromise issue. Patch through normal kernel maintenance, with higher priority for devices or servers that use f2fs or process untrusted removable storage.

Technical view

The flaw is in f2fs initialization order. f2fs_fs_type was registered before all f2fs resources, including the bioset, were initialized. A concurrent mount can reach f2fs_submit_page_bio(), then __bio_alloc(), before initialization completes, causing a null pointer dereference.

Likely exposure

Exposure is most relevant to Linux systems using or allowing f2fs, especially where f2fs.ko can be loaded and f2fs filesystems can be mounted. The bundle does not prove remote exposure. Mounting and module loading are typically privileged or capability-gated operations.

Exploitation context

The provided sources describe a concurrency-triggered crash condition and mark KEV as false. There is no cited evidence of active exploitation, public weaponization, or remote attack paths in the supplied bundle.

Researcher notes

The root cause is initialization ordering in init_f2fs_fs(), fixed by registering f2fs_fs_type last after resources are initialized. Evidence is limited to kernel/CVE records; no CVSS, CWE, exploit confirmation, or complete distro-specific affected matrix is provided.

Mitigation direction

  • Update to a vendor kernel containing the referenced f2fs stable fixes.
  • Prioritize systems that use f2fs or allow removable f2fs media mounts.
  • Check distribution advisories for exact fixed package versions.
  • Restrict untrusted users from mounting filesystems where policy allows.
  • Review kernel module loading controls for f2fs on systems that do not need it.

Validation and detection

  • Inventory kernel versions against vendor advisories and referenced stable commits.
  • Identify hosts with f2fs enabled, loaded, or used in storage workflows.
  • Review crash logs for f2fs null pointer dereference traces.
  • Confirm patched kernels register f2fs only after required resources initialize.
  • Validate exposure assumptions around local mount permissions and module loading.
Prepared
Confidence
medium
Sources
8

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-53221 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
0ADP providers
7Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinuxf543805fcd60f3f9a491cfa2f2dc9284d2569c28, f543805fcd60f3f9a491cfa2f2dc9284d2569c28, f543805fcd60f3f9a491cfa2f2dc9284d2569c28, f543805fcd60f3f9a491cfa2f2dc9284d2569c28, f543805fcd60f3f9a491cfa2f2dc9284d2569c28, f543805fcd60f3f9a491cfa2f2dc9284d2569c28unaffected
LinuxLinux5.6, 0, 5.15.209, 6.1.175, 6.6.72, 6.11.11, 6.12.2, 6.13affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.