CVE-2025-38579
published 2025-08-19CVE-2025-38579: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix KMSAN uninit-value in extent_info usage
KMSAN reported a use of uninitialized value in `__is_extent_mergeable()`
and `__is_back_mergeable()` via the read extent tree path.
The root cause is that `get_read_extent_info()` only initializes three
fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the
remaining fields uninitialized. This leads to undefined behavior
when those fields are accessed later, especially during
extent merging.
Fix it by zero-initializing the `extent_info` struct before population.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | linux | < linux 6.1.148-1 (bookworm) | linux 6.1.148-1 (bookworm) |
| debian | linux-6.1 | < linux 6.1.148-1 (bookworm) | linux 6.1.148-1 (bookworm) |
| linux | linux | — | — |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < 08e8ab00a6d20d5544c932ee85a297d833895141 | 08e8ab00a6d20d5544c932ee85a297d833895141 |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < e68b751ec2b15d866967812c57cfdfc1eba6a269 | e68b751ec2b15d866967812c57cfdfc1eba6a269 |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < dabfa3952c8e6bfe6414dbf32e8b6c5f349dc898 | dabfa3952c8e6bfe6414dbf32e8b6c5f349dc898 |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < 44a79437309e0ee2276ac17aaedc71253af253a8 | 44a79437309e0ee2276ac17aaedc71253af253a8 |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < cc1615d5aba4f396cf412579928539a2b124c8a0 | cc1615d5aba4f396cf412579928539a2b124c8a0 |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < 01b6f5955e0008af6bc3a181310d2744bb349800 | 01b6f5955e0008af6bc3a181310d2744bb349800 |
| linux | linux | >= 94afd6d6e5253179c9b891d02081cc8355a11768 < 154467f4ad033473e5c903a03e7b9bca7df9a0fa | 154467f4ad033473e5c903a03e7b9bca7df9a0fa |
| linux | linux_kernel | >= 0 < 6.1.148-1 | 6.1.148-1 |
| linux | linux_kernel | >= 0 < 6.12.43-1 | 6.12.43-1 |
| linux | linux_kernel | >= 0 < 6.16.3-1 | 6.16.3-1 |
| linux | linux_kernel | >= 0 < 5.15.0-163.173 | 5.15.0-163.173 |
| linux | linux_kernel | >= 0 < 6.8.0-100.100 | 6.8.0-100.100 |
| linux | linux_kernel | >= 5.15 < 5.15.190 | 5.15.190 |
| linux | linux_kernel | >= 5.16 < 6.1.148 | 6.1.148 |
| linux | linux_kernel | >= 6.13 < 6.15.10 | 6.15.10 |
| linux | linux_kernel | >= 6.16 < 6.16.1 | 6.16.1 |
| linux | linux_kernel | >= 6.2 < 6.6.102 | 6.6.102 |
| linux | linux_kernel | >= 6.7 < 6.12.42 | 6.12.42 |
| msrc | azl3_kernel_6.6.96.1-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| ubuntu | linux-aws | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH