SB2026032088 - Time-of-check Time-of-use (TOCTOU) Race Condition in Linux kernel f2fs
Published: March 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2026-23267)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a race condition in the F2FS filesystem's handling of checkpoint flags during atomic write operations when processing concurrent atomic commit and checkpoint writes. A local user can trigger a specially crafted sequence of atomic file operations to cause an inconsistency in the IS_CHECKPOINTED flag, leading to improper state management of node pages.
The issue arises specifically during atomic write scenarios where a concurrent checkpoint write completes before the atomic commit fully marks the page, resulting in incorrect flag state that can be exploited to manipulate filesystem metadata structures.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/32bc3c9fe18881d50dd51fd5f26d19fe1190dc0d
- https://git.kernel.org/stable/c/75e19da068adf0dc5dd269dd157392434b9117d4
- https://git.kernel.org/stable/c/7633a7387eb4d0259d6bea945e1d3469cd135bbc
- https://git.kernel.org/stable/c/962c167b0f262b9962207fbeaa531721d55ea00e
- https://git.kernel.org/stable/c/bd66b4c487d5091d2a65d6089e0de36f0c26a4c7
- https://git.kernel.org/stable/c/ed81bc5885460905f9160e7b463e5708fd056324