Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on node footer in {read,write}_end_io

-----------[ cut here ]------------
kernel BUG at fs/f2fs/data.c:358!
Call Trace:
<IRQ>
blk_update_request+0x5eb/0xe70 block/blk-mq.c:987
blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149
blk_complete_reqs block/blk-mq.c:1224 [inline]
blk_done_softirq+0x107/0x160 block/blk-mq.c:1229
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050
</IRQ>

In f2fs_write_end_io(), it detects that there is an inconsistency between
the node page index (nid) and footer.nid of the node page.

If the footer of a node page is corrupted in a fuzzed image, then we load the
corrupted node page with an async method, e.g. f2fs_ra_node_pages() or
f2fs_ra_node_page(), where we won't do a sanity check on the node footer; once
the node page becomes dirty, we will encounter this bug after node page writeback.
Published: 2026-03-18
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Kernel crash and denial of service
Action: Immediate Patch
AI Analysis

Impact

A bug in the f2fs filesystem’s end‑IO handling can cause a mismatch between a node’s page index and the footer’s node ID. When an attacker supplies a filesystem image with a corrupted footer, the kernel accepts the page and later, during writeback, triggers a BUG that can lead to a kernel panic or system reboot. The underlying weakness is a memory corruption vulnerability that can be exploited to destabilize system availability.
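
A user-space model of the mismatch described above, added here as an illustration and not taken from the kernel or from the patch. It shows why a footer check at read completion keeps a corrupted node page from ever reaching the consistency check at writeback. Assumptions: a 4 KiB node block ending in a 24-byte footer whose first field is a little-endian nid; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK_SIZE   4096u
#define FOOTER_OFF (BLK_SIZE - 24u)  /* assumed: 24-byte footer ends the block, nid first */

/* Read a little-endian 32-bit field. */
static uint32_t le32_at(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed node block whose footer claims footer_nid. */
static void make_node_block(uint8_t *blk, uint32_t footer_nid)
{
    memset(blk, 0, BLK_SIZE);
    for (int i = 0; i < 4; i++)
        blk[FOOTER_OFF + i] = (uint8_t)(footer_nid >> (8 * i));
}

/* Sanity check: footer.nid must equal the nid the page is indexed by. */
static int footer_matches(const uint8_t *blk, uint32_t nid)
{
    return le32_at(blk + FOOTER_OFF) == nid;
}

/* Read completion model: check_footer=0 is the unchecked async load. */
static int read_end_io_model(const uint8_t *blk, uint32_t nid, int check_footer)
{
    return (check_footer && !footer_matches(blk, nid)) ? -1 : 0;
}

/* 1 if an accepted page would reach the consistency assertion at writeback. */
static int scenario_hits_bug(uint32_t nid, uint32_t footer_nid, int check_footer)
{
    static uint8_t blk[BLK_SIZE];
    make_node_block(blk, footer_nid);
    if (read_end_io_model(blk, nid, check_footer) != 0)
        return 0;   /* rejected at read time, never dirtied or written back */
    return !footer_matches(blk, nid);   /* write completion compares again */
}

int main(void)
{
    printf("unchecked: %d checked: %d\n",
           scenario_hits_bug(5, 99, 0), scenario_hits_bug(5, 99, 1));
    return 0;
}
```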

Affected Systems

The flaw affects the Linux kernel’s f2fs implementation. All kernel versions prior to the applied patch are susceptible, regardless of distribution, since the affected code is part of the core kernel tree.

Risk and Exploitability

The CVSS score is not provided, but the EPSS score is below 1 %, indicating low probability of widespread exploitation. The vulnerability is not listed in CISA’s KEV catalog, yet an attacker who can supply a malicious or fuzzed filesystem image can trigger it, resulting in a denial‑of‑service attack that forces a system reboot or loss of service. The attack vector is local filesystem access, typically by an attacker who can control the image used by the f2fs volume.

Generated by OpenCVE AI on March 25, 2026 at 13:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the f2fs node‑footer sanity check patch; patches are available from the official kernel git repository.
  • Re‑compile the kernel if custom builds are used, ensuring the patch is present before booting.
  • If an update is not immediately possible, unmount affected f2fs partitions or disable the filesystem to prevent further writes until the issue is resolved.


Advisories

No advisories yet.

History

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 19 Mar 2026 00:15:00 +0000


Wed, 18 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description (same text as the Description section at the top of this page)
Title f2fs: fix to do sanity check on node footer in {read,write}_end_io
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:03:13.295Z

Reserved: 2026-01-13T15:37:45.991Z

Link: CVE-2026-23265

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-03-18T18:16:25.233

Modified: 2026-03-19T13:25:00.570

Link: CVE-2026-23265

Redhat

Severity :

Public Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23265 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-25T14:10:44Z

Weaknesses

No weakness.