CVE-2026-46175
Analyzed Analyzed - Analysis Complete
F2FS fsck Inconsistency Due to FGGC Node Block Migration

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs# seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync root@vm:/mnt/f2fs# rm -f 1 root@vm:/mnt/f2fs# sync root@vm:/mnt/f2fs# f2fs_io gc_range // move data block in sync mode and not write CP SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set The root cause is that GC does not clear the dentry mark and fsync mark during node block migration, leading fsck to misinterpret them as user-issued fsync writes. In BGGC mode, node block migration is handled by f2fs_sync_node_pages(), which guarantees the dentry and fsync marks are cleared before writing. This patch move the set/clear of the fsync|dentry marks into __write_node_folio to make the logic clearer, and ensures the fsync|dentry mark is cleared in FGGC.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46175
EUVD
EUVD-2026-32802
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 4.7 (inc) to 6.18.30 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's f2fs filesystem, specifically related to the handling of node block migration during FGGC (Foreground Garbage Collection). When migrating node blocks, the garbage collection process does not properly clear certain marks (dentry and fsync marks) on the node blocks. As a result, the filesystem check tool (fsck) may incorrectly interpret these migrated node blocks as data that was explicitly fsync-written by the user, causing inconsistencies during filesystem checks.

The root cause is that during FGGC node block migration, the dentry and fsync marks are not cleared, leading to fsck misinterpreting the state of the inode. This issue does not occur in BGGC (Background Garbage Collection) mode because the migration process there ensures these marks are cleared before writing.

The fix involved moving the logic for setting and clearing these marks into a function called __write_node_folio, ensuring that the marks are properly cleared during FGGC node block migration.

Impact Analysis

This vulnerability can cause filesystem inconsistencies during checks with fsck, as fsck may incorrectly treat migrated node blocks as fsync-written data. This misinterpretation can lead to false positives or errors during filesystem integrity verification.

Such inconsistencies might affect the reliability of filesystem checks and potentially lead to incorrect repair actions or misdiagnosis of filesystem health, which could impact system stability or data integrity if not properly handled.

Detection Guidance

This vulnerability can be detected by observing fsck inconsistencies caused by FGGC (Foreground Garbage Collection) of node blocks in the f2fs filesystem. Specifically, fsck may incorrectly treat migrated node blocks as fsync-written data.

A reproduction scenario involves running commands on a system using the f2fs filesystem to trigger the issue and observe the behavior of fsck.

  • seq 1 2048 | xargs -n 1 ./test_sync # write inline inode and sync
  • rm -f 1
  • sync
  • f2fs_io gc_range # move data block in sync mode without writing checkpoint

After these commands, running fsck with the --dry-run option may reveal that an inode has already been checkpointed but still has the DENT_BIT_SHIFT set, indicating the inconsistency caused by the vulnerability.

Mitigation Strategies

The vulnerability is resolved by a patch that moves the setting and clearing of the fsync and dentry marks into the __write_node_folio function, ensuring these marks are cleared during FGGC node block migration.

Immediate mitigation steps include updating the Linux kernel to a version that includes this patch to ensure the fsync and dentry marks are properly cleared during node block migration.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46175. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart