Message-ID: <2025070340-CVE-2025-38164-2a23@gregkh>
Date: Thu, 3 Jul 2025 10:36:20 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38164: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
With the testcase below, it will cause an inconsistency between SIT and SSA.
create_null_blk 512 2 1024 1024
mkfs.f2fs -m /dev/nullb0
mount /dev/nullb0 /mnt/f2fs/
touch /mnt/f2fs/file
f2fs_io pinfile set /mnt/f2fs/file
fallocate -l 4GiB /mnt/f2fs/file
F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT
CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84
Tainted: [O]=OOT_MODULE
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Call Trace:
<TASK>
dump_stack_lvl+0xb3/0xd0
dump_stack+0x14/0x20
f2fs_handle_critical_error+0x18c/0x220 [f2fs]
f2fs_stop_checkpoint+0x38/0x50 [f2fs]
do_garbage_collect+0x674/0x6e0 [f2fs]
f2fs_gc_range+0x12b/0x230 [f2fs]
f2fs_allocate_pinning_section+0x5c/0x150 [f2fs]
f2fs_expand_inode_data+0x1cc/0x3c0 [f2fs]
f2fs_fallocate+0x3c3/0x410 [f2fs]
vfs_fallocate+0x15f/0x4b0
__x64_sys_fallocate+0x4a/0x80
x64_sys_call+0x15e8/0x1b80
do_syscall_64+0x68/0x130
entry_SYSCALL_64_after_hwframe+0x67/0x6f
RIP: 0033:0x7f9dba5197ca
F2FS-fs (nullb0): Stopped filesystem due to reason: 4
The reason is that f2fs_gc_range() may try to migrate a block in curseg; however,
its SSA block is not up to date because the last summary block data is still
in the cache of curseg.
In this patch, we add a condition in f2fs_gc_range() to check whether the
section is opened or not, and skip block migration for opened sections.
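To make the failure mode concrete, the following is a toy model added for this page; it is not f2fs code and none of its names (toy_fs, open_curseg, gc_range, the segment layout and type values) exist in the kernel. It keeps an in-memory summary for the one open ("current") segment and flushes it to the on-disk SSA only when the segment is closed, so a GC pass that consults the SSA while the segment is still open sees a stale type and reports the same SSA/SIT mismatch as the log above, while a GC pass that skips the open section does not.

```c
/*
 * Toy model of the SIT/SSA interaction described in the commit message.
 * Illustrative example written for this page, not f2fs code: the segment
 * layout, type values and function names are simplified assumptions.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NR_SEGS      4
#define BLKS_PER_SEG 4
#define NO_SEG       (-1)
#define EFSCORRUPTED 117   /* EUCLEAN, the errno f2fs maps EFSCORRUPTED to */

enum seg_type { TYPE_DATA = 0, TYPE_NODE = 1 };

struct sit_entry { int type; int valid_blocks; };        /* SIT: authoritative */
struct ssa_block { int type; int owner[BLKS_PER_SEG]; }; /* SSA: per-segment summary */

/* An open (current) segment keeps its summary in memory; the on-disk
 * SSA block for it is written only when the segment is closed. */
struct curseg { int segno; int next_blkoff; struct ssa_block sum; };

struct toy_fs {
    struct sit_entry sit[NR_SEGS];
    struct ssa_block ssa[NR_SEGS];   /* on-disk SSA copies */
    struct curseg cur;               /* a single open segment, for simplicity */
    int migrated;                    /* blocks GC moved */
};

static void fs_init(struct toy_fs *fs)
{
    memset(fs, 0, sizeof(*fs));
    fs->cur.segno = NO_SEG;
    /* Constructed starting state: segment 0 was once a NODE segment and is
     * now free; its stale on-disk summary is harmless while it holds no blocks. */
    fs->ssa[0].type = TYPE_NODE;
}

/* Reuse a free segment as the current segment of the given type.
 * Only the SIT and the in-memory summary change; the on-disk SSA does not. */
static void open_curseg(struct toy_fs *fs, int segno, int type)
{
    fs->sit[segno].type = type;
    fs->cur.segno = segno;
    fs->cur.next_blkoff = 0;
    memset(&fs->cur.sum, 0, sizeof(fs->cur.sum));
    fs->cur.sum.type = type;
}

static void write_block(struct toy_fs *fs, int owner)
{
    fs->cur.sum.owner[fs->cur.next_blkoff++] = owner;
    fs->sit[fs->cur.segno].valid_blocks++;
}

/* Closing the segment flushes the cached summary into the SSA. */
static void close_curseg(struct toy_fs *fs)
{
    fs->ssa[fs->cur.segno] = fs->cur.sum;
    fs->cur.segno = NO_SEG;
}

static bool is_curseg(const struct toy_fs *fs, int segno)
{
    return fs->cur.segno == segno;
}

/* GC over segments [start, end]. Returns 0, or -EFSCORRUPTED where the
 * real filesystem would stop checkpoints. With skip_open set, open
 * segments are left alone, which is what the fix does for open sections. */
static int gc_range(struct toy_fs *fs, int start, int end, bool skip_open)
{
    for (int segno = start; segno <= end; segno++) {
        if (fs->sit[segno].valid_blocks == 0)
            continue;
        if (skip_open && is_curseg(fs, segno))
            continue;
        if (fs->ssa[segno].type != fs->sit[segno].type) {
            printf("Inconsistent segment (%d) type [%d, %d] in SSA and SIT\n",
                   segno, fs->ssa[segno].type, fs->sit[segno].type);
            return -EFSCORRUPTED;
        }
        /* The SSA owner list tells GC which blocks to migrate. */
        for (int i = 0; i < BLKS_PER_SEG; i++)
            if (fs->ssa[segno].owner[i])
                fs->migrated++;
        fs->sit[segno].valid_blocks = 0;
    }
    return 0;
}

/* Replay the report's sequence: reuse segment 0 for data, write into it,
 * then run GC over a range that contains it (as the pinned-file
 * allocation path does). Returns the GC result. */
int reproduce(bool with_fix, bool close_first)
{
    struct toy_fs fs;
    fs_init(&fs);
    open_curseg(&fs, 0, TYPE_DATA);
    write_block(&fs, 1);
    write_block(&fs, 2);
    if (close_first)
        close_curseg(&fs);
    return gc_range(&fs, 0, NR_SEGS - 1, with_fix);
}

int main(void)
{
    printf("unfixed, segment open:   %d\n", reproduce(false, false));
    printf("fixed,   segment open:   %d\n", reproduce(true, false));
    printf("unfixed, segment closed: %d\n", reproduce(false, true));
    return 0;
}
```

The model deliberately leaves the old NODE type in segment 0's on-disk summary: that is the ordinary state of a freed segment, and it only becomes a problem once the segment is reopened and GC trusts the SSA before the cached summary has been written back.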
The Linux kernel CVE team has assigned CVE-2025-38164 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.9 with commit 9703d69d9d153bb230711d0d577454552aeb13d4 and fixed in 6.12.34 with commit 44a51592ac657d8e422585414d7ec17a5b50fb0e
Issue introduced in 6.9 with commit 9703d69d9d153bb230711d0d577454552aeb13d4 and fixed in 6.15.3 with commit 8d9431b0d11a5030aa1ce477defee455b3821701
Issue introduced in 6.9 with commit 9703d69d9d153bb230711d0d577454552aeb13d4 and fixed in 6.16-rc1 with commit 773704c1ef96a8b70d0d186ab725f50548de82c4
Issue introduced in 6.6.33 with commit 40d76c393cca83938b11eb7ca8983aa3cd0ed69b
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38164
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/f2fs/gc.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/44a51592ac657d8e422585414d7ec17a5b50fb0e
https://git.kernel.org/stable/c/8d9431b0d11a5030aa1ce477defee455b3821701
https://git.kernel.org/stable/c/773704c1ef96a8b70d0d186ab725f50548de82c4