CVE-2026-23265
Received Received - Intake
Sanity Check Bypass in Linux f2fs Node Footer Causes Kernel Crash

Publication date: 2026-03-18

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: <IRQ> blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 </IRQ> In f2fs_write_end_io(), it detects there is inconsistency in between node page index (nid) and footer.nid of node page. If footer of node page is corrupted in fuzzed image, then we load corrupted node page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(), in where we won't do sanity check on node footer, once node page becomes dirty, we will encounter this bug after node page writeback.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-18
Generated
2026-05-07
AI Q&A
2026-03-18
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23265
EUVD
EUVD-2026-12904
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux kernel *
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, the primary step is to update the Linux kernel to a version where the fix for the f2fs node footer sanity check has been applied.

Until the kernel is updated, avoid using fuzzed or corrupted images on f2fs filesystems that could trigger corrupted node pages.

Regularly monitor kernel logs for signs of this bug to detect early symptoms and prevent system crashes.


Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's f2fs filesystem implementation. It involves a lack of proper sanity checks on the node footer during asynchronous node page loading and writeback operations. Specifically, if the footer of a node page is corrupted, the system may load a corrupted node page without detecting the inconsistency between the node page index (nid) and the footer.nid. This can lead to a kernel bug triggered during the writeback of the node page.


How can this vulnerability impact me? :

The impact of this vulnerability is a kernel bug that can cause system instability or crashes when corrupted node pages are written back. This could potentially lead to data loss or system downtime if the filesystem becomes unstable due to this bug.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a kernel BUG related to the f2fs filesystem, specifically triggered by inconsistencies between the node page index (nid) and the footer.nid of a node page.

Detection can involve monitoring kernel logs for BUG messages similar to the following call trace:

  • kernel BUG at fs/f2fs/data.c:358!
  • Call trace involving blk_update_request, blk_mq_end_request, and f2fs_write_end_io functions.

Commands to check kernel logs for such BUGs include:

  • dmesg | grep -i 'kernel BUG'
  • journalctl -k | grep -i 'f2fs' | grep -i 'BUG'

Additionally, monitoring for filesystem errors or crashes related to f2fs node page writeback may help detect this issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart