CVE-2026-23234 is a use-after-free (UAF) race condition in the Linux kernel's Flash-Friendly File System (F2FS). The vulnerability affects the f2fs_write_end_io() path, where asynchronous write completions could access freed filesystem state. Reported via syzbot, the issue was fixed by an upstream F2FS patch that modifies how the superblock/state pointer is handled during write completion and shutdown sequences. This tag covers discussions about the CVE, the kernel patch, and the underlying race condition in F2FS write-end I/O. It is relevant for Linux system administrators, kernel developers, and security researchers tracking filesystem vulnerabilities and their mitigations.
-
A compact but consequential fix for the Linux kernel’s Flash-Friendly File System (F2FS) has closed a use‑after‑free (UAF) race in the f2fs_write_end_io() path, closing a window that could let asynchronous write completions touch freed filesystem state. The issue, tracked as CVE‑2026‑23234 and...