Login Sign Up

CVE-2023-52748

7.8 HIGH
Denial of Service Buffer Overflow

📋 TL;DR

This CVE is a buffer overflow vulnerability in the Linux kernel's F2FS filesystem compression module. An attacker could exploit this to cause a kernel panic (denial of service) or potentially execute arbitrary code with kernel privileges. Systems using F2FS filesystem compression are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable F2FS compression code (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when F2FS filesystem compression is enabled and in use. Many systems don't use F2FS compression by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory corruption leading to arbitrary code execution with kernel privileges, system compromise, or persistent rootkit installation.

🟠

Likely Case

Kernel panic causing system crash and denial of service, requiring physical or remote console access to reboot.

🟢

If Mitigated

No impact if F2FS compression is disabled or systems are patched.

🌐 Internet-Facing: LOW - Requires local access or ability to mount F2FS filesystems with compression enabled.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could crash systems or potentially escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to trigger the vulnerable code path in F2FS compression module.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 3eebe636cac53886bd5d1cdd55e082ec9e84983f, 526dd7540a09ecf87b5f54f3ab4e0a2528f25a79, 6fca08fd3085253b48fcb1bd243a0a5e18821a00, c041f5ddef00c731c541e00bc8ae97b8c84c682f, e0d4e8acb3789c5a8651061fbab62ca24a45c063

Vendor Advisory: https://git.kernel.org/stable/c/3eebe636cac53886bd5d1cdd55e082ec9e84983f

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution vendor. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable F2FS compression

linux

Prevent exploitation by disabling F2FS filesystem compression feature

mount -o remount,no_compress /path/to/mountpoint
Add 'no_compress' to /etc/fstab for F2FS partitions

🧯 If You Can't Patch

  • Disable F2FS compression on all mounted filesystems
  • Restrict local user access to systems using F2FS with compression

🔍 How to Verify

Check if Vulnerable:

Check kernel version and if F2FS compression is enabled: cat /proc/version | grep -E 'kernel version' && mount | grep f2fs

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched: uname -r and check for commit IDs in kernel source

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/messages or dmesg
  • F2FS compression-related errors

Network Indicators:

  • None - local vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "oops") AND "f2fs"

📊 Metadata

CVE ID: CVE-2023-52748
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: May 21, 2024
Last Updated: September 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-52748, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2019-5049 10.0

This vulnerability allows an attacker to execute arbitrary code on systems with vulnerable AMD graph...

Same vulnerability type (CWE-787)