CVE-2026-23265
f2fs: fix to do sanity check on node footer in {read,write}_end_io
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------
kernel BUG at fs/f2fs/data.c:358!
Call Trace: <IRQ> blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 </IRQ> In f2fs_write_end_io(), it detects there is inconsistency in between
node page index (nid) and footer.nid of node page. If footer of node page is corrupted in fuzzed image, then we load corrupted
node page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(),
in where we won't do sanity check on node footer, once node page becomes
dirty, we will encounter this bug after node page writeback.
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: f2fs: corrección para realizar una comprobación de coherencia en el pie de página del nodo en {read,write}_end_io -----------[ cut here ]------------
BUG del kernel en fs/f2fs/data.c:358!
Traza de llamadas: blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 En f2fs_write_end_io(), se detecta una inconsistencia entre el índice de la página de nodo (nid) y footer.nid de la página de nodo. Si el pie de página de la página de nodo está corrupto en una imagen sometida a fuzzing, entonces cargamos la página de nodo corrupta con un método asíncrono, p. ej., f2fs_ra_node_pages() o f2fs_ra_node_page(), donde no realizaremos una comprobación de coherencia en el pie de página del nodo; una vez que la página de nodo se vuelve sucia, encontraremos este error después de la escritura de vuelta de la página de nodo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2026-01-13 CVE Reserved
- 2026-03-18 CVE Published
- 2026-04-19 EPSS Updated
- 2026-05-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/e05df3b115e7308afbca652769b54e4549fcc723 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.18.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.18.13" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 6.19.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 6.19.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.8 < 7.0 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.8 < 7.0" | en |
Affected
| ||||||