CVE-2025-38578
Published 2025-08-19
Severity: Medium, 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
syzbot reported an UAF issue as below: [1] [2]
[1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000
BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62
Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8
CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkaller-00017-g642656a36791 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: writeback wb_workfn (flush-7:0)
Call Trace:
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106
print_address_description mm/kasan/report.c:316 [inline]
print_report+0x158/0x4e0 mm/kasan/report.c:427
kasan_report+0x13c/0x170 mm/kasan/report.c:531
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351
__list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62
__list_del_entry include/linux/list.h:134 [inline]
list_del_init include/linux/list.h:206 [inline]
f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553
f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588
f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706
f2fs_write_inode+0x416/0x790 fs/f2fs/inode.c:734
write_inode fs/fs-writeback.c:1460 [inline]
__writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677
writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903
__writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974
wb_writeback+0x3da/0xa00 fs/fs-writeback.c:2081
wb_check_background_flush fs/fs-writeback.c:2151 [inline]
wb_do_writeback fs/fs-writeback.c:2239 [inline]
wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266
process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299
worker_thread+0xa60/0x1260 kernel/workqueue.c:2446
kthread+0x26d/0x300 kernel/kthread.c:386
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
Allocated by task 298:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x4b/0x7
Affected
40 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.148-1 (bookworm) | linux 6.1.148-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.148-1 (bookworm) | linux 6.1.148-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 37e78cad7e9e025e63bb35bc200f44637b009bb1 | 37e78cad7e9e025e63bb35bc200f44637b009bb1 |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 4dcd830c420f2190ae32f03626039fde7b57b2ad | 4dcd830c420f2190ae32f03626039fde7b57b2ad |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 1edf68272b8cba2b2817ef1488ecb9f0f84cb6a0 | 1edf68272b8cba2b2817ef1488ecb9f0f84cb6a0 |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 917ae5e280bc263f56c83fba0d0f0be2c4828083 | 917ae5e280bc263f56c83fba0d0f0be2c4828083 |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 3d37cadaac1a8e108e576297aab9125b24ea2dfe | 3d37cadaac1a8e108e576297aab9125b24ea2dfe |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < dea243f58a8391e76f42ad5eb59ff210519ee772 | dea243f58a8391e76f42ad5eb59ff210519ee772 |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < a4b0cc9e0bba7525a29f37714e88df12a47997a2 | a4b0cc9e0bba7525a29f37714e88df12a47997a2 |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 6cac47af39b2b8edbb41d47c3bd9c332f83e9932 | 6cac47af39b2b8edbb41d47c3bd9c332f83e9932 |
| linux | linux | >= 0f18b462b2e5aff64b8638e8a47284b907351ef3 < 7c30d79930132466f5be7d0b57add14d1a016bda | 7c30d79930132466f5be7d0b57add14d1a016bda |
| linux | linux_kernel | >= 0 < 5.10.244-1 | 5.10.244-1 |
| linux | linux_kernel | >= 0 < 6.1.148-1 | 6.1.148-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 4.8 < 5.4.297 | 5.4.297 |
| linux | linux_kernel | >= 5.11 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.148 | 6.1.148 |
| linux | linux_kernel | >= 5.5 < 5.10.241 | 5.10.241 |
| linux | linux_kernel | >= 6.13 < 6.15.10 | 6.15.10 |
| linux | linux_kernel | >= 6.16 < 6.16.1 | 6.16.1 |
CVSS provenance
nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv: 5.5 MEDIUM