CVE-2025-38626

Severity: Medium · CVSS 3.1 base score 5.5 · EPSS 4.3%
Published Aug 22, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode

w/ "mode=lfs" mount option, generic/299 will cause system panic as below:

    ------------[ cut here ]------------
    kernel BUG at fs/f2fs/segment.c:2835!
    Call Trace:
     <TASK>
     f2fs_allocate_data_block+0x6f4/0xc50
     f2fs_map_blocks+0x970/0x1550
     f2fs_iomap_begin+0xb2/0x1e0
     iomap_iter+0x1d6/0x430
     __iomap_dio_rw+0x208/0x9a0
     f2fs_file_write_iter+0x6b3/0xfa0
     aio_write+0x15d/0x2e0
     io_submit_one+0x55e/0xab0
     __x64_sys_io_submit+0xa5/0x230
     do_syscall_64+0x84/0x2f0
     entry_SYSCALL_64_after_hwframe+0x76/0x7e
    RIP: 0010:new_curseg+0x70f/0x720

The root cause of why we run out of space is: in f2fs_map_blocks(), f2fs may trigger foreground gc only if it allocates any physical block, it will be a little bit later when there are multiple threads writing data w/ aio/dio/bufio method in parallel, since we always use OPU in lfs mode, so f2fs_map_blocks() does block allocations aggressively.

In order to fix this issue, let's give a chance to trigger foreground gc prior to block allocation in f2fs_map_blocks().

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability: 4.3% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 4

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥4.8 – <6.6.102
linux    linux_kernel   *         ≥6.7 – <6.12.42
linux    linux_kernel   *         ≥6.13 – <6.15.10
linux    linux_kernel   *         ≥6.16 – <6.16.1
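
A triage check built from the version ranges above and the "mode=lfs" condition in the description. This is an added example, not code from the kernel project or from this page; the function names, the triage labels and the sample mount table are assumptions made for illustration.

```python
import platform
import re

# Upstream ranges from the Affected Products table: (first affected, first fixed).
AFFECTED = [((4, 8, 0), (6, 6, 102)), ((6, 7, 0), (6, 12, 42)),
            ((6, 13, 0), (6, 15, 10)), ((6, 16, 0), (6, 16, 1))]

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/nvme0n1p3 /data f2fs rw,lazytime,background_gc=on,mode=lfs 0 0
/dev/sdb1 /media f2fs rw,relatime,mode=adaptive 0 0
"""

def parse_release(release):
    """'6.12.41-generic' -> (6, 12, 41); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(release):
    """True if the upstream version number falls inside a listed range.
    Distribution kernels may backport the fix without changing this number,
    so treat a hit as a prompt to check the vendor changelog."""
    v = parse_release(release)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def lfs_mounts(mounts_text):
    """Mount points of f2fs filesystems whose options include mode=lfs."""
    hits = []
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "f2fs" and "mode=lfs" in f[3].split(","):
            hits.append(f[1])
    return hits

def assess(release, mounts_text):
    """Combine both checks into a triage label (labels are this example's own)."""
    if not in_affected_range(release):
        return "outside listed ranges"
    mounts = lfs_mounts(mounts_text)
    if mounts:
        return "in range, lfs-mode f2fs mounted: " + ", ".join(mounts)
    return "in range, no lfs-mode f2fs mount found"

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print(assess(platform.release(), fh.read()))
```

Run on a host, it reads the running kernel release and /proc/mounts; the upper bound of each range is the first fixed release, so 6.6.102 itself is reported as outside the ranges.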

References 7

  • git.kernel.org https://git.kernel.org/stable/c/1005a3ca28e90c7a64fa43023f866b960a60f791
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/264ede8a52f18647ed5bb5f2bd9bf54f556ad8f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/385e64a0744584397b4b52b27c96703516f39968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82765ce5c7a56f9309ee45328e763610eaf11253
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c737047f4665232d1e26b3620bc62df334545451
  • git.kernel.org https://git.kernel.org/stable/c/d2f280f43a2a9d918fd23169ff3a6f3b65c7cec5
  • git.kernel.org https://git.kernel.org/stable/c/f289690f50a01c3e085d87853392d5b7436a4cee
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1005a3ca28e90c7a64fa43023f866b960a60f791
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/264ede8a52f18647ed5bb5f2bd9bf54f556ad8f5
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/385e64a0744584397b4b52b27c96703516f39968
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82765ce5c7a56f9309ee45328e763610eaf11253
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f289690f50a01c3e085d87853392d5b7436a4cee
    Patch