{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-54068","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T12:21:05.092Z","datePublished":"2025-12-24T12:23:12.818Z","dateUpdated":"2026-05-11T19:54:51.445Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:54:51.445Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()\n\nBUG_ON() will be triggered when writing files concurrently,\nbecause the same page is writtenback multiple times.\n\n1597 void folio_end_writeback(struct folio *folio)\n1598 {\n\t\t......\n1618     if (!__folio_end_writeback(folio))\n1619         BUG();\n\t\t......\n1625 }\n\nkernel BUG at mm/filemap.c:1619!\nCall Trace:\n <TASK>\n f2fs_write_end_io+0x1a0/0x370\n blk_update_request+0x6c/0x410\n blk_mq_end_request+0x15/0x130\n blk_complete_reqs+0x3c/0x50\n __do_softirq+0xb8/0x29b\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x19/0x20\n smpboot_thread_fn+0x10b/0x1d0\n kthread+0xde/0x110\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x22/0x30\n </TASK>\n\nBelow is the concurrency scenario:\n\n[Process A]\t\t[Process B]\t\t[Process C]\nf2fs_write_raw_pages()\n  - redirty_page_for_writepage()\n  - unlock page()\n\t\t\tf2fs_do_write_data_page()\n\t\t\t  - lock_page()\n\t\t\t  - clear_page_dirty_for_io()\n\t\t\t  - set_page_writeback() [1st writeback]\n\t\t\t    .....\n\t\t\t    - unlock page()\n\n\t\t\t\t\t\tgeneric_perform_write()\n\t\t\t\t\t\t  - f2fs_write_begin()\n\t\t\t\t\t\t    - wait_for_stable_page()\n\n\t\t\t\t\t\t  - f2fs_write_end()\n\t\t\t\t\t\t    - set_page_dirty()\n\n  - lock_page()\n    - f2fs_do_write_data_page()\n      - set_page_writeback() [2st writeback]\n\nThis problem was introduced by the previous commit 7377e853967b (\"f2fs:\ncompress: fix potential deadlock of compress file\"). All pagelocks were\nreleased in f2fs_write_raw_pages(), but whether the page was\nin the writeback state was ignored in the subsequent writing process.\nLet's fix it by waiting for the page to writeback before writing."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/compress.c"],"versions":[{"version":"4c8ff7095bef64fc47e996a938f7d57f9e077da3","lessThan":"a8226a45b2a9ce83ba7a167a387a00fecc319e71","status":"affected","versionType":"git"},{"version":"4c8ff7095bef64fc47e996a938f7d57f9e077da3","lessThan":"169134da419cb8ffbe3b0743bc24573e16952ea9","status":"affected","versionType":"git"},{"version":"4c8ff7095bef64fc47e996a938f7d57f9e077da3","lessThan":"6604df2a9d07ba8f8fb1ac14046c2c83776faa4f","status":"affected","versionType":"git"},{"version":"4c8ff7095bef64fc47e996a938f7d57f9e077da3","lessThan":"9940877c4fe752923a53f0f7372f2f152b6eccf0","status":"affected","versionType":"git"},{"version":"4c8ff7095bef64fc47e996a938f7d57f9e077da3","lessThan":"ad31eed06c3b4d63b2d38322a271d4009aee4bb3","status":"affected","versionType":"git"},{"version":"4c8ff7095bef64fc47e996a938f7d57f9e077da3","lessThan":"babedcbac164cec970872b8097401ca913a80e61","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/f2fs/compress.c"],"versions":[{"version":"5.6","status":"affected"},{"version":"0","lessThan":"5.6","status":"unaffected","versionType":"semver"},{"version":"5.10.180","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.111","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.28","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.2.15","lessThanOrEqual":"6.2.*","status":"unaffected","versionType":"semver"},{"version":"6.3.2","lessThanOrEqual":"6.3.*","status":"unaffected","versionType":"semver"},{"version":"6.4","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.10.180"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"5.15.111"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.1.28"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.2.15"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.3.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6","versionEndExcluding":"6.4"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a8226a45b2a9ce83ba7a167a387a00fecc319e71"},{"url":"https://git.kernel.org/stable/c/169134da419cb8ffbe3b0743bc24573e16952ea9"},{"url":"https://git.kernel.org/stable/c/6604df2a9d07ba8f8fb1ac14046c2c83776faa4f"},{"url":"https://git.kernel.org/stable/c/9940877c4fe752923a53f0f7372f2f152b6eccf0"},{"url":"https://git.kernel.org/stable/c/ad31eed06c3b4d63b2d38322a271d4009aee4bb3"},{"url":"https://git.kernel.org/stable/c/babedcbac164cec970872b8097401ca913a80e61"}],"title":"f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()","x_generator":{"engine":"bippy-1.2.0"}}}}