GHSA-VWPG-8M6Q-566G
Vulnerability from github – Published: 2026-05-28 12:30 – Updated: 2026-05-28 12:30In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix fsck inconsistency caused by FGGC of node block
During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data.
The reproduction scenario: root@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync root@vm:/mnt/f2fs# rm -f 1 root@vm:/mnt/f2fs# sync root@vm:/mnt/f2fs# f2fs_io gc_range // move data block in sync mode and not write CP SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set
The root cause is that GC does not clear the dentry mark and fsync mark during node block migration, leading fsck to misinterpret them as user-issued fsync writes.
In BGGC mode, node block migration is handled by f2fs_sync_node_pages(), which guarantees the dentry and fsync marks are cleared before writing.
This patch move the set/clear of the fsync|dentry marks into __write_node_folio to make the logic clearer, and ensures the fsync|dentry mark is cleared in FGGC.
{
"affected": [],
"aliases": [
"CVE-2026-46175"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T10:16:33Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix fsck inconsistency caused by FGGC of node block\n\nDuring FGGC node block migration, fsck may incorrectly treat the\nmigrated node block as fsync-written data.\n\nThe reproduction scenario:\nroot@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync\nroot@vm:/mnt/f2fs# rm -f 1\nroot@vm:/mnt/f2fs# sync\nroot@vm:/mnt/f2fs# f2fs_io gc_range // move data block in sync mode and not write CP\n SPO, \"fsck --dry-run\" find inode has already checkpointed but still\n with DENT_BIT_SHIFT set\n\nThe root cause is that GC does not clear the dentry mark and fsync mark\nduring node block migration, leading fsck to misinterpret them as\nuser-issued fsync writes.\n\nIn BGGC mode, node block migration is handled by f2fs_sync_node_pages(),\nwhich guarantees the dentry and fsync marks are cleared before writing.\n\nThis patch move the set/clear of the fsync|dentry marks into\n__write_node_folio to make the logic clearer, and ensures the\nfsync|dentry mark is cleared in FGGC.",
"id": "GHSA-vwpg-8m6q-566g",
"modified": "2026-05-28T12:30:31Z",
"published": "2026-05-28T12:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46175"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8be551f538dc5b64183e27bd45a7a0795263f760"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c3e238bd1f56993f205ef83889d406dfeaf717a8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7c6d30169b03307d27c4479563df79c08f3a746"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.