Skip to main content

Linux EUVDEUVD-2026-12904

| CVE-2026-23265 MEDIUM
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 29, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 18:00 euvd
EUVD-2026-12904
Analysis Generated
Mar 18, 2026 - 18:00 vuln.today
CVE Published
Mar 18, 2026 - 17:44 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on node footer in {read,write}_end_io

-----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: <IRQ> blk_update_request+0x5eb/0xe70 block/blk-mq.c:987 blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149 blk_complete_reqs block/blk-mq.c:1224 [inline] blk_done_softirq+0x107/0x160 block/blk-mq.c:1229 handle_softirqs+0x283/0x870 kernel/softirq.c:579 __do_softirq kernel/softirq.c:613 [inline] invoke_softirq kernel/softirq.c:453 [inline] __irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680 irq_exit_rcu+0x9/0x30 kernel/softirq.c:696 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050 </IRQ>

In f2fs_write_end_io(), it detects there is inconsistency in between node page index (nid) and footer.nid of node page.

If footer of node page is corrupted in fuzzed image, then we load corrupted node page w/ async method, e.g. f2fs_ra_node_pages() or f2fs_ra_node_page(), in where we won't do sanity check on node footer, once node page becomes dirty, we will encounter this bug after node page writeback.

AnalysisAI

A vulnerability in the Linux kernel's f2fs (Flash-Friendly File System) implementation fails to validate node footer integrity during asynchronous read and write I/O operations, allowing corrupted node page data to trigger a kernel BUG and cause denial of service. This affects all Linux kernel versions using f2fs, particularly those processing untrusted or fuzzed filesystem images. An attacker with the ability to craft a malicious f2fs filesystem image can trigger a kernel panic when the corrupted node page is written back, resulting in system unavailability.

Technical ContextAI

The vulnerability exists in the f2fs file system driver (fs/f2fs/data.c), specifically in the f2fs_write_end_io() and f2fs_read_end_io() functions. F2fs uses node pages to store filesystem metadata, and each node page includes a footer containing a node ID (nid) that must match the page index. The root cause is insufficient input validation (CWE-20: Improper Input Validation) in asynchronous page loading functions such as f2fs_ra_node_pages() and f2fs_ra_node_page(), which perform read-ahead operations without sanity checking the node footer. When a corrupted node page (with mismatched nid in the footer) is loaded asynchronously and subsequently marked dirty, the write-back handler detects the inconsistency and triggers a kernel BUG assertion. The CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* indicates all Linux kernel versions are potentially affected until patched.

RemediationAI

Upgrade to a patched Linux kernel version that includes commits 855c54f1803e3ebc613677b4f389c7f92656a1fc, c386753db52b3a80afa6612bfdcb925aa5ca260f, or 50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4, available from https://git.kernel.org/stable/. Most major Linux distributions (Ubuntu, Fedora, RHEL, Debian) have released patched kernel versions; users should update via their distribution's package manager (e.g., apt update && apt upgrade on Debian/Ubuntu, yum update on RHEL). Until patching is feasible, restrict the mounting of untrusted f2fs filesystem images by implementing filesystem mounting policies via AppArmor or SELinux, validating filesystem images with offline f2fs repair tools before mounting, and disabling f2fs support entirely if the feature is not required. For container environments, ensure base images are built from patched kernel versions and validate container image integrity before deployment.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.13-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-12904 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy