CVE-2025-40137
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-12

Last updated on: 2025-11-12

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fs_truncate() syzbot reports a bug as below: loop0: detected capacity change from 0 to 40427 F2FS-fs (loop0): Wrong SSA boundary, start(3584) end(4096) blocks(3072) F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock F2FS-fs (loop0): invalid crc value F2FS-fs (loop0): f2fs_convert_inline_folio: corrupted inline inode ino=3, i_addr[0]:0x1601, run fsck to fix. ------------[ cut here ]------------ kernel BUG at fs/inode.c:753! RIP: 0010:clear_inode+0x169/0x190 fs/inode.c:753 Call Trace: <TASK> evict+0x504/0x9c0 fs/inode.c:810 f2fs_fill_super+0x5612/0x6fa0 fs/f2fs/super.c:5047 get_tree_bdev_flags+0x40e/0x4d0 fs/super.c:1692 vfs_get_tree+0x8f/0x2b0 fs/super.c:1815 do_new_mount+0x2a2/0x9e0 fs/namespace.c:3808 do_mount fs/namespace.c:4136 [inline] __do_sys_mount fs/namespace.c:4347 [inline] __se_sys_mount+0x317/0x410 fs/namespace.c:4324 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f During f2fs_evict_inode(), clear_inode() detects that we missed to truncate all page cache before destorying inode, that is because in below path, we will create page #0 in cache, but missed to drop it in error path, let's fix it. - evict - f2fs_evict_inode - f2fs_truncate - f2fs_convert_inline_inode - f2fs_grab_cache_folio : create page #0 in cache - f2fs_convert_inline_folio : sanity check failed, return -EFSCORRUPTED - clear_inode detects that inode->i_data.nrpages is not zero
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-12
Last Modified
2025-11-12
Generated
2026-05-07
AI Q&A
2025-11-13
EPSS Evaluated
2026-05-05
NVD
CVE-2025-40137
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's F2FS filesystem implementation. It occurs because during the inode eviction process, the code fails to properly truncate the first page in the page cache in an error path of the f2fs_truncate() function. Specifically, when an inline inode conversion fails a sanity check, a page (#0) is created in the cache but not dropped, leading to inode data inconsistency. This causes a kernel bug and potential filesystem corruption.


How can this vulnerability impact me? :

This vulnerability can lead to filesystem corruption and kernel bugs, which may cause system instability or crashes. It can affect data integrity on systems using the F2FS filesystem, potentially resulting in data loss or the need to run filesystem checks (fsck) to repair corrupted inodes.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel logs for specific error messages related to the f2fs filesystem, such as 'detected capacity change', 'Wrong SSA boundary', 'Can't find valid F2FS filesystem in 1th superblock', 'invalid crc value', or kernel BUG messages at fs/inode.c:753. Running filesystem checks (fsck) on the affected f2fs partitions may also reveal corruption. Specific commands to check kernel logs include 'dmesg | grep f2fs' or 'journalctl -k | grep f2fs'. Running 'fsck.f2fs' on the affected filesystem can help detect and fix corruption.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include running filesystem checks (fsck) on the affected f2fs partitions to fix corruption, avoiding mounting or using corrupted f2fs filesystems until patched, and updating the Linux kernel to a version where this vulnerability is fixed. Monitoring kernel logs for related errors can help identify affected systems.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart