Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix fsck inconsistency caused by FGGC of node block

During FGGC node block migration, fsck may incorrectly treat the
migrated node block as fsync-written data.

The reproduction scenario:
root@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync
root@vm:/mnt/f2fs# rm -f 1
root@vm:/mnt/f2fs# sync
root@vm:/mnt/f2fs# f2fs_io gc_range // move data block in sync mode and not write CP
SPO, "fsck --dry-run" find inode has already checkpointed but still
with DENT_BIT_SHIFT set

The root cause is that GC does not clear the dentry mark and fsync mark
during node block migration, leading fsck to misinterpret them as
user-issued fsync writes.

In BGGC mode, node block migration is handled by f2fs_sync_node_pages(),
which guarantees the dentry and fsync marks are cleared before writing.

This patch move the set/clear of the fsync|dentry marks into
__write_node_folio to make the logic clearer, and ensures the
fsync|dentry mark is cleared in FGGC.
Published: 2026-05-28
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During f2fs garbage‑collection in foreground‑mode (FGGC), the kernel failed to clear dentry and fsync marks from node blocks. Fsck subsequently misinterpreted those blocks as having been fsynced, producing false metadata and risking inconsistent or corrupted file system state. The flaw is a logic error that can lead to data loss or corruption of the on‑disk structure, affecting the integrity and availability of stored data.

Affected Systems

All Linux kernel installations that support the f2fs file system are potentially impacted until the recent patch is applied. No edition or version boundaries are specified, so a broad class of current kernels may contain the defect.

Risk and Exploitability

Based on the description, the likely attack vector is local exploitation by a user with elevated privileges such as root or CAP_SYS_ADMIN, since the flaw manifests during filesystem garbage‑collection. No remote or user‑level attack vector is documented. The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog, indicating low but non‑zero exploitation probability. The CVSS score assigned is 7.1. Nonetheless, an attacker who can trigger the fault could cause file system corruption, so the risk is non‑negligible for systems that rely on f2fs consistency.

Generated by OpenCVE AI on June 10, 2026 at 22:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the f2fs consistency patch (the commits referenced in the advisory); this fixes the logic error during foreground garbage collection.
  • Reboot the system so that the patched kernel becomes active.
  • Run `fsck.f2fs -y` on all f2fs partitions to verify that the metadata is consistent after the update.

Generated by OpenCVE AI on June 10, 2026 at 22:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Fri, 29 May 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-665

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References

Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-665

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync root@vm:/mnt/f2fs# rm -f 1 root@vm:/mnt/f2fs# sync root@vm:/mnt/f2fs# f2fs_io gc_range // move data block in sync mode and not write CP SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set The root cause is that GC does not clear the dentry mark and fsync mark during node block migration, leading fsck to misinterpret them as user-issued fsync writes. In BGGC mode, node block migration is handled by f2fs_sync_node_pages(), which guarantees the dentry and fsync marks are cleared before writing. This patch move the set/clear of the fsync|dentry marks into __write_node_folio to make the logic clearer, and ensures the fsync|dentry mark is cleared in FGGC.
Title f2fs: fix fsck inconsistency caused by FGGC of node block
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:00:16.128Z

Reserved: 2026-05-13T15:03:33.103Z

Link: CVE-2026-46175

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T10:16:33.130

Modified: 2026-06-10T21:15:02.107

Link: CVE-2026-46175

cve-icon Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46175 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses