Login Sign Up

CVE-2025-23130

5.5 MEDIUM
Denial of Service

📋 TL;DR

A race condition vulnerability in the Linux kernel's F2FS filesystem can cause a kernel panic when concurrent pinfile allocation operations fail due to insufficient free sections. This affects systems using the F2FS filesystem and can lead to denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions with F2FS support before fixes in stable releases (specific versions in git commits provided)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems using F2FS filesystem. Not vulnerable if using ext4, XFS, or other filesystems.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical intervention to reboot affected systems.

🟠

Likely Case

System instability or crash when specific F2FS operations are performed concurrently under low disk space conditions.

🟢

If Mitigated

No impact if patched or if F2FS filesystem is not in use.

🌐 Internet-Facing: LOW - Requires local filesystem access and specific F2FS operations.
🏢 Internal Only: MEDIUM - Can be triggered by legitimate users or automated processes performing filesystem operations on F2FS partitions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to perform specific F2FS operations concurrently. Discovered through syzkaller fuzzing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available in stable kernel releases (commits: 2dda0930fb79b847b4bfceb737577d0f6bc24d7d, 48ea8b200414ac69ea96f4c231f5c7ef1fbeffef, 9392862608d081a8346a3b841f862d732fce954b)

Vendor Advisory: https://git.kernel.org/stable/c/2dda0930fb79b847b4bfceb737577d0f6bc24d7d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing fixes. 2. Check kernel version with 'uname -r'. 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Avoid F2FS usage

linux

Use alternative filesystems like ext4 or XFS instead of F2FS

Monitor disk space

linux

Ensure adequate free space on F2FS partitions to prevent allocation failures

df -h | grep f2fs

🧯 If You Can't Patch

  • Avoid using F2FS filesystem for critical systems
  • Implement monitoring for kernel panic events and have recovery procedures ready

🔍 How to Verify

Check if Vulnerable:

Check if using F2FS: 'mount | grep f2fs' and check kernel version: 'uname -r' against affected versions

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and check git commit history includes the fix commits

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg output
  • F2FS allocation failure errors
  • System crash/reboot events

Network Indicators:

  • None - local filesystem vulnerability

SIEM Query:

source="kernel" AND ("panic" OR "BUG" OR "f2fs" AND "allocation")

📊 Metadata

CVE ID: CVE-2025-23130
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score: 0.06% exploit probability (19th percentile)
Published: April 16, 2025
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON