CVE-2025-38219
Analyzed
Analyzed - Analysis Complete
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
f2fs: prevent kernel warning due to negative i_nlink from corrupted image
WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0
home/cc/linux/fs/inode.c:417
Modules linked in:
CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted
6.14.0-12627-g94d471a4f428 #2 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417
Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 70 07 00 00 e8 f9 67 e6 ff
f0 48 ff 83 70 07 00 00 5b 5d e9 9a 12 82 ff e8 95 12 82 ff 90
<0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 83 12 82 ff e8 fe 5f e6
ff
RSP: 0018:ffffc900026b7c28 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8239710f
RDX: ffff888041345a00 RSI: ffffffff8239717b RDI: 0000000000000005
RBP: ffff888054509ad0 R08: 0000000000000005 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff9ab36f08 R12: ffff88804bb40000
R13: ffff8880545091e0 R14: 0000000000008000 R15: ffff8880545091e0
FS: 000055555d0c5880(0000) GS:ffff8880eb3e3000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f915c55b178 CR3: 0000000050d20000 CR4: 0000000000352ef0
Call Trace:
<task>
f2fs_i_links_write home/cc/linux/fs/f2fs/f2fs.h:3194 [inline]
f2fs_drop_nlink+0xd1/0x3c0 home/cc/linux/fs/f2fs/dir.c:845
f2fs_delete_entry+0x542/0x1450 home/cc/linux/fs/f2fs/dir.c:909
f2fs_unlink+0x45c/0x890 home/cc/linux/fs/f2fs/namei.c:581
vfs_unlink+0x2fb/0x9b0 home/cc/linux/fs/namei.c:4544
do_unlinkat+0x4c5/0x6a0 home/cc/linux/fs/namei.c:4608
__do_sys_unlink home/cc/linux/fs/namei.c:4654 [inline]
__se_sys_unlink home/cc/linux/fs/namei.c:4652 [inline]
__x64_sys_unlink+0xc5/0x110 home/cc/linux/fs/namei.c:4652
do_syscall_x64 home/cc/linux/arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc7/0x250 home/cc/linux/arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fb3d092324b
Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66
2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 57 00 00 00 0f 05
<48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01
48
RSP: 002b:00007ffdc232d938 EFLAGS: 00000206 ORIG_RAX: 0000000000000057
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3d092324b
RDX: 00007ffdc232d960 RSI: 00007ffdc232d960 RDI: 00007ffdc232d9f0
RBP: 00007ffdc232d9f0 R08: 0000000000000001 R09: 00007ffdc232d7c0
R10: 00000000fffffffd R11: 0000000000000206 R12: 00007ffdc232eaf0
R13: 000055555d0cebb0 R14: 00007ffdc232d958 R15: 0000000000000001
</task>
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 3.8 (inc) to 5.4.295 (exc) |
| linux | linux_kernel | From 5.5 (inc) to 5.10.239 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.186 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.142 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.95 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.35 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.15.4 (exc) |
| debian | debian_linux | 11.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's f2fs filesystem involves a kernel warning triggered by a negative i_nlink value caused by a corrupted image. The issue occurs in the drop_nlink function, which handles inode link counts. A negative i_nlink is unexpected and indicates filesystem corruption, which can cause kernel warnings or instability.
How can this vulnerability impact me? :
This vulnerability can lead to kernel warnings and potentially system instability or crashes due to corrupted filesystem metadata (negative i_nlink values). This may affect system reliability and data integrity when using the f2fs filesystem on Linux.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70