Impact
In the Linux kernel, the f2fs file system's f2fs_sbi_show() function retrieves the extension list, extension count, and hot extension count without holding the sb_lock. Based on the description, it is inferred that a concurrent write through f2fs_update_extension_list() can leave these values inconsistent, leading to an out‑of‑bounds read or the display of stale data. This unsynchronized access can expose kernel memory contents or cause a kernel crash.
Affected Systems
Any system that runs the Linux kernel with the f2fs filesystem and has not yet received the patch that surrounds the extension list read with sb_lock is affected. The vulnerability applies to upstream kernel versions before the fix and to all downstream distributions that ship the same code base, regardless of distribution name.
Risk and Exploitability
The EPSS score is <1%, indicating a very low probability of exploitation, yet the vulnerability can be leveraged by a local user with write permission to the f2fs sysfs extension list interface. The likely attack vector is a local privileged or root process that writes to the interface, which may trigger an out‑of‑bounds read or kernel crash. The potential impact is information disclosure or denial of service. This vulnerability is not listed in CISA KEV, suggesting no known widespread exploitation.
OpenCVE Enrichment
Debian DLA