Skip to main content

Linux Kernel CVE-2026-46175

| EUVDEUVD-2026-32802 HIGH
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-vwpg-8m6q-566g
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 12:00 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.1 (HIGH)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 28, 2026 - 10:16 nvd
HIGH 7.1

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix fsck inconsistency caused by FGGC of node block

During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data.

The reproduction scenario: root@vm:/mnt/f2fs

seq 1 2048 | xargs -n 1 ./test_sync // write inline inode and sync

root@vm:/mnt/f2fs

rm -f 1

root@vm:/mnt/f2fs

sync

root@vm:/mnt/f2fs

f2fs_io gc_range // move data block in sync mode and not write CP

SPO, "fsck --dry-run" find inode has already checkpointed but still with DENT_BIT_SHIFT set

The root cause is that GC does not clear the dentry mark and fsync mark during node block migration, leading fsck to misinterpret them as user-issued fsync writes.

In BGGC mode, node block migration is handled by f2fs_sync_node_pages(), which guarantees the dentry and fsync marks are cleared before writing.

This patch move the set/clear of the fsync|dentry marks into __write_node_folio to make the logic clearer, and ensures the fsync|dentry mark is cleared in FGGC.

AnalysisAI

Filesystem inconsistency in the Linux kernel's F2FS implementation allows local authenticated users to trigger fsck misinterpretation of node block migration as fsync-written data, resulting in filesystem integrity issues following a sudden power-off (SPO). Affecting Linux kernel versions through 7.0.7 and 7.1-rc1 (with backports to 6.18.30), the flaw stems from Foreground Garbage Collection (FGGC) failing to clear dentry and fsync marks during node block migration. No public exploit identified at time of analysis, and EPSS is very low at 0.02% (4th percentile).

Technical ContextAI

The vulnerability resides in the Flash-Friendly File System (F2FS), a log-structured filesystem in the Linux kernel optimized for NAND-based storage like SSDs and eMMC. F2FS uses Garbage Collection (GC) in two modes: Background GC (BGGC), which routes node block migrations through f2fs_sync_node_pages() and correctly clears dentry/fsync marks, and Foreground GC (FGGC), which historically bypassed this cleanup path. When FGGC migrates a node block, the residual DENT_BIT_SHIFT and fsync marks survive, and after a sudden power-off, fsck --dry-run misinterprets a checkpointed inode as having outstanding fsync-written data. The patch refactors the mark management into __write_node_folio() to centralize the set/clear logic across both GC paths.

RemediationAI

Upstream fix available; apply the patched stable kernel versions 6.18.30, 7.0.7, or 7.1-rc1 once distribution packages are released, sourcing the fix from the kernel.org commits at https://git.kernel.org/stable/c/8be551f538dc5b64183e27bd45a7a0795263f760, https://git.kernel.org/stable/c/e7c6d30169b03307d27c4479563df79c08f3a746, and https://git.kernel.org/stable/c/c3e238bd1f56993f205ef83889d406dfeaf717a8. Until patches are deployed, restrict access to the f2fs_io ioctl interface (which requires CAP_SYS_ADMIN or filesystem ownership) and avoid invoking manual FGGC operations such as gc_range on production filesystems - the side effect is loss of administrative GC tuning. As a deeper mitigation, consider mounting non-critical workloads on ext4 or XFS instead of F2FS where feasible, accepting the trade-off of reduced flash-storage efficiency; ensure systems using F2FS have reliable power delivery or UPS protection to reduce the window in which SPO can trigger the fsck inconsistency.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-46175 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy