Impact
A race condition exists in the Linux f2fs file system that can cause newly created files to be lost when an fsync operation is performed concurrently with a checkpoint operation. The flaw arises because the monitoring code checks nat_entry flags that are set before the checkpoint actually finishes, falsely assuming completion and discarding data. The result is loss of file data and corruption of data integrity for any user on the affected system.
Affected Systems
All installations of the Linux kernel that use the f2fs file system are impacted. The exact kernel version range is not specified in the advisory, but any system running f2fs before the patch to f2fs_need_inode_block_update() is vulnerable.
Risk and Exploitability
The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating a low overall exploitation probability. Attackers would need local or privileged access, as creating a file and triggering fsync during a checkpoint is required. The vulnerability does not provide code execution or privilege escalation, so the primary risk is data loss for users who rely on f2fs.
OpenCVE Enrichment