Vulnerability-Lookup

FKIE_CVE-2026-23265

Vulnerability from fkie_nvd - Published: 2026-03-18 18:16 - Updated: 2026-03-19 13:25

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: <IRQ> blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 </IRQ> In f2fs_write_end_io(), it detects there is inconsistency in between node page index (nid) and footer.nid of node page. If footer of node page is corrupted in fuzzed image, then we load corrupted node page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(), in where we won't do sanity check on node footer, once node page becomes dirty, we will encounter this bug after node page writeback.

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node footer in {read,write}_end_io\n\n-----------[ cut here ]------------\nkernel BUG at fs/f2fs/data.c:358!\nCall Trace:\n \u003cIRQ\u003e\n blk_update_request+0x5eb/0xe70 block/blk-mq.c:987\n blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149\n blk_complete_reqs block/blk-mq.c:1224 [inline]\n blk_done_softirq+0x107/0x160 block/blk-mq.c:1229\n handle_softirqs+0x283/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050\n \u003c/IRQ\u003e\n\nIn f2fs_write_end_io(), it detects there is inconsistency in between\nnode page index (nid) and footer.nid of node page.\n\nIf footer of node page is corrupted in fuzzed image, then we load corrupted\nnode page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(),\nin where we won\u0027t do sanity check on node footer, once node page becomes\ndirty, we will encounter this bug after node page writeback."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nf2fs: correcci\u00f3n para realizar una comprobaci\u00f3n de coherencia en el pie de p\u00e1gina del nodo en {read,write}_end_io\n\n-----------[ cut here ]------------\nBUG del kernel en fs/f2fs/data.c:358!\nTraza de llamadas:\n \n blk_update_request+0x5eb/0xe70 block/blk-mq.c:987\n blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149\n blk_complete_reqs block/blk-mq.c:1224 [inline]\n blk_done_softirq+0x107/0x160 block/blk-mq.c:1229\n handle_softirqs+0x283/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050\n \n\nEn f2fs_write_end_io(), se detecta una inconsistencia entre el \u00edndice de la p\u00e1gina de nodo (nid) y footer.nid de la p\u00e1gina de nodo.\n\nSi el pie de p\u00e1gina de la p\u00e1gina de nodo est\u00e1 corrupto en una imagen sometida a fuzzing, entonces cargamos la p\u00e1gina de nodo corrupta con un m\u00e9todo as\u00edncrono, p. ej., f2fs_ra_node_pages() o f2fs_ra_node_page(), donde no realizaremos una comprobaci\u00f3n de coherencia en el pie de p\u00e1gina del nodo; una vez que la p\u00e1gina de nodo se vuelve sucia, encontraremos este error despu\u00e9s de la escritura de vuelta de la p\u00e1gina de nodo."
    }
  ],
  "id": "CVE-2026-23265",
  "lastModified": "2026-03-19T13:25:00.570",
  "metrics": {},
  "published": "2026-03-18T18:16:25.233",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

CVE-2026-23265 (GCVE-0-2026-23265)

Vulnerability from cvelistv5 – Published: 2026-03-18 17:44 – Updated: 2026-05-11 22:03

Title

f2fs: fix to do sanity check on node footer in {read,write}_end_io

Summary

Severity ?

No CVSS data available.

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/855c54f1803e3ebc6…
https://git.kernel.org/stable/c/c386753db52b3a80a…
https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: e05df3b115e7308afbca652769b54e4549fcc723 , < 855c54f1803e3ebc613677b4f389c7f92656a1fc (git) Affected: e05df3b115e7308afbca652769b54e4549fcc723 , < c386753db52b3a80afa6612bfdcb925aa5ca260f (git) Affected: e05df3b115e7308afbca652769b54e4549fcc723 , < 50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4 (git)
Linux	Linux	Affected: 3.8 Unaffected: 0 , < 3.8 (semver) Unaffected: 6.18.13 , ≤ 6.18.* (semver) Unaffected: 6.19.3 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/data.c",
            "fs/f2fs/f2fs.h",
            "fs/f2fs/node.c",
            "fs/f2fs/node.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "855c54f1803e3ebc613677b4f389c7f92656a1fc",
              "status": "affected",
              "version": "e05df3b115e7308afbca652769b54e4549fcc723",
              "versionType": "git"
            },
            {
              "lessThan": "c386753db52b3a80afa6612bfdcb925aa5ca260f",
              "status": "affected",
              "version": "e05df3b115e7308afbca652769b54e4549fcc723",
              "versionType": "git"
            },
            {
              "lessThan": "50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4",
              "status": "affected",
              "version": "e05df3b115e7308afbca652769b54e4549fcc723",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/data.c",
            "fs/f2fs/f2fs.h",
            "fs/f2fs/node.c",
            "fs/f2fs/node.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "lessThan": "3.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.13",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.3",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "3.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node footer in {read,write}_end_io\n\n-----------[ cut here ]------------\nkernel BUG at fs/f2fs/data.c:358!\nCall Trace:\n \u003cIRQ\u003e\n blk_update_request+0x5eb/0xe70 block/blk-mq.c:987\n blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149\n blk_complete_reqs block/blk-mq.c:1224 [inline]\n blk_done_softirq+0x107/0x160 block/blk-mq.c:1229\n handle_softirqs+0x283/0x870 kernel/softirq.c:579\n __do_softirq kernel/softirq.c:613 [inline]\n invoke_softirq kernel/softirq.c:453 [inline]\n __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680\n irq_exit_rcu+0x9/0x30 kernel/softirq.c:696\n instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]\n sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050\n \u003c/IRQ\u003e\n\nIn f2fs_write_end_io(), it detects there is inconsistency in between\nnode page index (nid) and footer.nid of node page.\n\nIf footer of node page is corrupted in fuzzed image, then we load corrupted\nnode page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(),\nin where we won\u0027t do sanity check on node footer, once node page becomes\ndirty, we will encounter this bug after node page writeback."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T22:03:31.038Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f"
        },
        {
          "url": "https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4"
        }
      ],
      "title": "f2fs: fix to do sanity check on node footer in {read,write}_end_io",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23265",
    "datePublished": "2026-03-18T17:44:48.031Z",
    "dateReserved": "2026-01-13T15:37:45.991Z",
    "dateUpdated": "2026-05-11T22:03:31.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2026-23265

CVE-2026-23265 (GCVE-0-2026-23265)

Tags

Sightings

Nomenclature