CVE-2026-46175
F2FS fsck Inconsistency Due to FGGC Node Block Migration
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | f2fs | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's f2fs filesystem, specifically related to the handling of node block migration during FGGC (Foreground Garbage Collection). When migrating node blocks, the garbage collection process does not properly clear certain marks (dentry and fsync marks) on the node blocks. As a result, the filesystem check tool (fsck) may incorrectly interpret these migrated node blocks as data that was explicitly fsync-written by the user, causing inconsistencies during filesystem checks.
The root cause is that during FGGC node block migration, the dentry and fsync marks are not cleared, leading to fsck misinterpreting the state of the inode. This issue does not occur in BGGC (Background Garbage Collection) mode because the migration process there ensures these marks are cleared before writing.
The fix involved moving the logic for setting and clearing these marks into a function called __write_node_folio, ensuring that the marks are properly cleared during FGGC node block migration.
How can this vulnerability impact me?
This vulnerability can cause filesystem inconsistencies during checks with fsck, as fsck may incorrectly treat migrated node blocks as fsync-written data. This misinterpretation can lead to false positives or errors during filesystem integrity verification.
Such inconsistencies might affect the reliability of filesystem checks and potentially lead to incorrect repair actions or misdiagnosis of filesystem health, which could impact system stability or data integrity if not properly handled.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing fsck inconsistencies caused by FGGC (Foreground Garbage Collection) of node blocks in the f2fs filesystem. Specifically, fsck may incorrectly treat migrated node blocks as fsync-written data.
A reproduction scenario involves running commands on a system using the f2fs filesystem to trigger the issue and observe the behavior of fsck.
- seq 1 2048 | xargs -n 1 ./test_sync # write inline inode and sync
- rm -f 1
- sync
- f2fs_io gc_range # move data block in sync mode without writing checkpoint
After these commands, running fsck with the --dry-run option may reveal that an inode has already been checkpointed but still has the DENT_BIT_SHIFT set, indicating the inconsistency caused by the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by a patch that moves the setting and clearing of the fsync and dentry marks into the __write_node_folio function, ensuring these marks are cleared during FGGC node block migration.
Immediate mitigation steps include updating the Linux kernel to a version that includes this patch to ensure the fsync and dentry marks are properly cleared during node block migration.
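The root cause and fix described above, together with the condition fsck reports, as a simplified user-space model. This is an added example, not kernel code or the actual patch: `struct node_block`, `write_node_unpatched`, `write_node_patched` and `stale_marks` are hypothetical names, and the bit positions are assumed to mirror f2fs's node footer flag layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Footer flag bit positions; assumed to mirror the enum in f2fs's node.h. */
enum { COLD_BIT_SHIFT = 0, FSYNC_BIT_SHIFT, DENT_BIT_SHIFT, OFFSET_BIT_SHIFT };
#define MARKS ((1u << FSYNC_BIT_SHIFT) | (1u << DENT_BIT_SHIFT))

struct node_block { uint32_t footer_flag; };   /* hypothetical stand-in */

static void set_mark(struct node_block *nb, bool on, int shift)
{
    if (on)
        nb->footer_flag |= 1u << shift;
    else
        nb->footer_flag &= ~(1u << shift);
}

/* Model of the unpatched FGGC path: nothing clears the marks before the
 * write, so whatever an earlier fsync left in the footer goes to disk. */
uint32_t write_node_unpatched(const struct node_block *nb)
{
    return nb->footer_flag;
}

/* Model of the patched path: the write routine sets or clears both marks
 * on every write, so a GC migration (fsync=false, dentry=false) clears them. */
uint32_t write_node_patched(struct node_block *nb, bool fsync, bool dentry)
{
    set_mark(nb, fsync, FSYNC_BIT_SHIFT);
    set_mark(nb, dentry, DENT_BIT_SHIFT);
    return nb->footer_flag;
}

/* The condition fsck reports: node already checkpointed, marks still set. */
bool stale_marks(uint32_t on_disk_flag, bool checkpointed)
{
    return checkpointed && (on_disk_flag & MARKS) != 0;
}

int main(void)
{
    /* Constructed sample: cold node block that was fsync'd with a dentry mark. */
    struct node_block nb = { (1u << COLD_BIT_SHIFT) | MARKS | (5u << OFFSET_BIT_SHIFT) };
    printf("unpatched migration stale: %d\n", stale_marks(write_node_unpatched(&nb), true));
    printf("patched migration stale:   %d\n", stale_marks(write_node_patched(&nb, false, false), true));
    return 0;
}
```

Clearing the two marks leaves the cold bit and the offset bits untouched, which is why the fix can live in the write path without affecting the rest of the footer.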