#VU124183 Time-of-check Time-of-use (TOCTOU) Race Condition in Linux kernel - CVE-2026-23267

 

Published: March 20, 2026


Vulnerability identifier: #VU124183
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23267
CWE-ID: CWE-367
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a race condition in the F2FS filesystem's handling of checkpoint flags during atomic write operations when processing concurrent atomic commit and checkpoint writes. A local user can trigger a specially crafted sequence of atomic file operations to cause an inconsistency in the IS_CHECKPOINTED flag, leading to improper state management of node pages.

The issue arises specifically during atomic write scenarios where a concurrent checkpoint write completes before the atomic commit fully marks the page, resulting in incorrect flag state that can be exploited to manipulate filesystem metadata structures.


Remediation

Install the security update from the vendor's repository.
