cve 23235

CVE-2026-23235 is a Linux kernel vulnerability affecting the Flash-Friendly File System (F2FS). The issue stems from a mismatch between kernel data structures and sysfs attribute handling, where the code assumed 32-bit unsigned integers for all attributes. This led to out-of-bounds writes on smaller fields and silent truncation on larger fields. A fix was merged in early March 2026, introducing an explicit size field for each F2FS sysfs attribute and correcting the show/store logic. This tag covers discussions about the vulnerability, its root cause, and the upstream patch. While the tag is hosted on WindowsForum.com, the content is Linux-specific and relevant to system administrators and developers managing Linux kernels.