Impact
The flaw resides in the nilfs2 filesystem’s io ctl interface for marking blocks for garbage collection. A malformed request that sets the block descriptor field bd_oblocknr to zero bypasses the dead‑block check, causing nilfs_bmap_mark() to be invoked on a non‑existent block. The lookup then fails with –ENOENT, which in turn triggers WARN_ON. The result is kernel warnings and a risk of instability, potentially leading to service interruption if the error propagates further.
Affected Systems
Linux kernels that ship the nilfs2 filesystem and do not yet include the patch that rejects a zero bd_oblocknr value. Any system running a nilfs2 enabled filesystem with the vulnerable io ctl path, regardless of kernel version, is affected until the commit that adds the rejection logic is applied.
Risk and Exploitability
The EPSS score of < 1% indicates a very low probability of exploitation and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker must be able to launch a local ioctl request against a nilfs2 filesystem, implying privileged access or a local compromise. The likely attack vector is a privileged local user executing a crafted ioctl. No information in the CVE data explicitly states remote exploitation or non‑privileged access, so these conclusions are inferred. The impact remains confined to the local node and manifests as kernel warning messages and potential instability, rather than a crash.
OpenCVE Enrichment
Debian DLA