CVE-2025-38626
Modified Modified - Updated After Analysis
BaseFortify

Publication date: 2025-08-22

Last updated on: 2026-06-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode w/ "mode=lfs" mount option, generic/299 will cause system panic as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2835! Call Trace: <TASK> f2fs_allocate_data_block+0x6f4/0xc50 f2fs_map_blocks+0x970/0x1550 f2fs_iomap_begin+0xb2/0x1e0 iomap_iter+0x1d6/0x430 __iomap_dio_rw+0x208/0x9a0 f2fs_file_write_iter+0x6b3/0xfa0 aio_write+0x15d/0x2e0 io_submit_one+0x55e/0xab0 __x64_sys_io_submit+0xa5/0x230 do_syscall_64+0x84/0x2f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0010:new_curseg+0x70f/0x720 The root cause of we run out-of-space is: in f2fs_map_blocks(), f2fs may trigger foreground gc only if it allocates any physical block, it will be a little bit later when there is multiple threads writing data w/ aio/dio/bufio method in parallel, since we always use OPU in lfs mode, so f2fs_map_blocks() does block allocations aggressively. In order to fix this issue, let's give a chance to trigger foreground gc in prior to block allocation in f2fs_map_blocks().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2026-06-01
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-38626
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-NVD-CWE-noinfo
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's f2fs filesystem when mounted with the 'mode=lfs' option. The issue occurs in the f2fs_map_blocks() function, which may cause a system panic (kernel BUG) due to improper handling of foreground garbage collection (gc). Specifically, foreground gc is only triggered after allocating a physical block, but under certain conditions with multiple threads writing data in parallel, aggressive block allocation can lead to running out of space and a kernel panic. The fix involves allowing foreground gc to be triggered before block allocation to prevent this panic.

Impact Analysis

This vulnerability can cause a system panic (kernel crash) when using the f2fs filesystem with the 'mode=lfs' mount option under heavy parallel write loads. This can lead to system instability, potential data loss, and downtime as the kernel crashes unexpectedly.

Detection Guidance

This vulnerability can be detected by monitoring for kernel panic messages related to f2fs filesystem operations, specifically errors mentioning 'kernel BUG at fs/f2fs/segment.c:2835' or call traces involving f2fs_map_blocks and new_curseg. You can check the system logs using commands like 'dmesg | grep f2fs' or 'journalctl -k | grep f2fs' to look for such panic messages. Additionally, monitoring for system panics or crashes during heavy write operations using aio/dio/bufio methods on f2fs mounted with 'mode=lfs' can help detect the issue.

Mitigation Strategies

Immediate mitigation steps include avoiding mounting f2fs filesystems with the 'mode=lfs' option until the kernel is updated with the fix. Reducing or stopping parallel write operations using aio/dio/bufio methods on f2fs filesystems can also help prevent triggering the bug. Applying the kernel update that includes the fix to trigger foreground garbage collection prior to block allocation in f2fs_map_blocks is the definitive solution.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38626. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart