CVE-2026-23265

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: <IRQ> blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 </IRQ> In f2fs_write_end_io(), it detects there is inconsistency in between node page index (nid) and footer.nid of node page. If footer of node page is corrupted in fuzzed image, then we load corrupted node page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(), in where we won't do sanity check on node footer, once node page becomes dirty, we will encounter this bug after node page writeback.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4	Patch
https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc	Patch
https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

29 May 2026, 18:43

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4 -~~	() https://git.kernel.org/stable/c/50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4 - Patch
References	~~() https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc -~~	() https://git.kernel.org/stable/c/855c54f1803e3ebc613677b4f389c7f92656a1fc - Patch
References	~~() https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f -~~	() https://git.kernel.org/stable/c/c386753db52b3a80afa6612bfdcb925aa5ca260f - Patch
Summary		(es) En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: f2fs: corrección para realizar una comprobación de coherencia en el pie de página del nodo en {read,write}_end_io -----------[ cut here ]------------ BUG del kernel en fs/f2fs/data.c:358! Traza de llamadas: blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 En f2fs_write_end_io(), se detecta una inconsistencia entre el índice de la página de nodo (nid) y footer.nid de la página de nodo. Si el pie de página de la página de nodo está corrupto en una imagen sometida a fuzzing, entonces cargamos la página de nodo corrupta con un método asíncrono, p. ej., f2fs_ra_node_pages() o f2fs_ra_node_page(), donde no realizaremos una comprobación de coherencia en el pie de página del nodo; una vez que la página de nodo se vuelve sucia, encontraremos este error después de la escritura de vuelta de la página de nodo.
CWE		NVD-CWE-noinfo
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CPE		cpe:2.3:o:linux:linux_kernel::::::::

18 Mar 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-18 18:16

Updated : 2026-05-29 18:43

NVD link : CVE-2026-23265

Mitre link : CVE-2026-23265

CVE.ORG link : CVE-2026-23265

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10