CVE-2025-38333
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-10

Last updated on: 2025-11-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in get_new_segment() ------------[ cut here ]------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 new_curseg+0x5e8/0x6dc pc : new_curseg+0x5e8/0x6dc Call trace: new_curseg+0x5e8/0x6dc f2fs_allocate_data_block+0xa54/0xe28 do_write_page+0x6c/0x194 f2fs_do_write_node_page+0x38/0x78 __write_node_page+0x248/0x6d4 f2fs_sync_node_pages+0x524/0x72c f2fs_write_checkpoint+0x4bc/0x9b0 __checkpoint_and_complete_reqs+0x80/0x244 issue_checkpoint_thread+0x8c/0xec kthread+0x114/0x1bc ret_from_fork+0x10/0x20 get_new_segment() detects inconsistent status in between free_segmap and free_secmap, let's record such error into super block, and bail out get_new_segment() instead of continue using the segment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-10
Last Modified
2025-11-18
Generated
2026-05-07
AI Q&A
2025-07-10
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38333
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's f2fs file system, specifically in the get_new_segment() function. It involves an inconsistency detected between free_segmap and free_secmap, which are data structures tracking free segments and sections. The fix ensures that when such an inconsistency is detected, the function records the error in the super block and stops further processing instead of continuing to use the problematic segment. This prevents potential errors or corruption related to segment allocation.


How can this vulnerability impact me? :

If exploited or triggered, this vulnerability could lead to file system errors or corruption due to improper handling of segment allocation in the f2fs file system. This might result in data loss, system instability, or crashes when the kernel attempts to allocate new segments incorrectly.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for warning messages related to f2fs, specifically messages containing 'WARNING: CPU' and references to 'new_curseg' or 'get_new_segment()' failures in the f2fs filesystem code. You can use commands like 'dmesg | grep f2fs' or 'journalctl -k | grep f2fs' to look for such warnings.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this f2fs vulnerability is fixed. Since the issue is resolved by a fix in get_new_segment(), applying the latest kernel patches or upgrading to the fixed kernel version is recommended to prevent the inconsistent segment status issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart