CVE-2025-38578 (GCVE-0-2025-38578)
Vulnerability from cvelistv5
Published
2025-08-19 17:03
Modified
2025-08-28 14:43
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000 ================================================================== BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkaller-00017-g642656a36791 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Workqueue: writeback wb_workfn (flush-7:0) Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [inline] print_report+0x158/0x4e0 mm/kasan/report.c:427 kasan_report+0x13c/0x170 mm/kasan/report.c:531 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351 __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 __list_del_entry include/linux/list.h:134 [inline] list_del_init include/linux/list.h:206 [inline] f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553 f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588 f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706 f2fs_write_inode+0x416/0x790 fs/f2fs/inode.c:734 write_inode fs/fs-writeback.c:1460 [inline] __writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677 writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903 __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974 wb_writeback+0x3da/0xa00 fs/fs-writeback.c:2081 wb_check_background_flush fs/fs-writeback.c:2151 [inline] wb_do_writeback fs/fs-writeback.c:2239 [inline] wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446 kthread+0x26d/0x300 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> Allocated by task 298: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_alloc_info+0x1f/0x30 mm/kasan/generic.c:505 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:333 kasan_slab_alloc include/linux/kasan.h:202 [inline] slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:768 slab_alloc_node mm/slub.c:3421 [inline] slab_alloc mm/slub.c:3431 [inline] __kmem_cache_alloc_lru mm/slub.c:3438 [inline] kmem_cache_alloc_lru+0x102/0x270 mm/slub.c:3454 alloc_inode_sb include/linux/fs.h:3255 [inline] f2fs_alloc_inode+0x2d/0x350 fs/f2fs/super.c:1437 alloc_inode fs/inode.c:261 [inline] iget_locked+0x18c/0x7e0 fs/inode.c:1373 f2fs_iget+0x55/0x4ca0 fs/f2fs/inode.c:486 f2fs_lookup+0x3c1/0xb50 fs/f2fs/namei.c:484 __lookup_slow+0x2b9/0x3e0 fs/namei.c:1689 lookup_slow+0x5a/0x80 fs/namei.c:1706 walk_component+0x2e7/0x410 fs/namei.c:1997 lookup_last fs/namei.c:2454 [inline] path_lookupat+0x16d/0x450 fs/namei.c:2478 filename_lookup+0x251/0x600 fs/namei.c:2507 vfs_statx+0x107/0x4b0 fs/stat.c:229 vfs_fstatat fs/stat.c:267 [inline] vfs_lstat include/linux/fs.h:3434 [inline] __do_sys_newlstat fs/stat.c:423 [inline] __se_sys_newlstat+0xda/0x7c0 fs/stat.c:417 __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417 x64_sys_call+0x52/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 Freed by task 0: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:516 ____kasan_slab_free+0x131/0x180 mm/kasan/common.c:241 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:249 kasan_slab_free include/linux/kasan.h:178 [inline] slab_free_hook mm/slub.c:1745 [inline] slab_free_freelist_hook mm/slub.c:1771 [inline] slab_free mm/slub.c:3686 [inline] kmem_cache_free+0x ---truncated---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1edf68272b8cba2b2817ef1488ecb9f0f84cb6a0
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/37e78cad7e9e025e63bb35bc200f44637b009bb1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3d37cadaac1a8e108e576297aab9125b24ea2dfe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/4dcd830c420f2190ae32f03626039fde7b57b2ad
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6cac47af39b2b8edbb41d47c3bd9c332f83e9932
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7c30d79930132466f5be7d0b57add14d1a016bda
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/917ae5e280bc263f56c83fba0d0f0be2c4828083
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a4b0cc9e0bba7525a29f37714e88df12a47997a2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/dea243f58a8391e76f42ad5eb59ff210519ee772
Impacted products
Vendor Product Version
Linux Linux Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
Version: 0f18b462b2e5aff64b8638e8a47284b907351ef3
 Create a notification for this product.
   Linux Linux Version: 4.8
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "37e78cad7e9e025e63bb35bc200f44637b009bb1",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "4dcd830c420f2190ae32f03626039fde7b57b2ad",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "1edf68272b8cba2b2817ef1488ecb9f0f84cb6a0",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "917ae5e280bc263f56c83fba0d0f0be2c4828083",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "3d37cadaac1a8e108e576297aab9125b24ea2dfe",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "dea243f58a8391e76f42ad5eb59ff210519ee772",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "a4b0cc9e0bba7525a29f37714e88df12a47997a2",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "6cac47af39b2b8edbb41d47c3bd9c332f83e9932",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            },
            {
              "lessThan": "7c30d79930132466f5be7d0b57add14d1a016bda",
              "status": "affected",
              "version": "0f18b462b2e5aff64b8638e8a47284b907351ef3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17-rc1",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid UAF in f2fs_sync_inode_meta()\n\nsyzbot reported an UAF issue as below: [1] [2]\n\n[1] https://syzkaller.appspot.com/text?tag=CrashReport\u0026x=16594c60580000\n\n==================================================================\nBUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62\nRead of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8\n\nCPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G        W          6.1.129-syzkaller-00017-g642656a36791 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nWorkqueue: writeback wb_workfn (flush-7:0)\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:316 [inline]\n print_report+0x158/0x4e0 mm/kasan/report.c:427\n kasan_report+0x13c/0x170 mm/kasan/report.c:531\n __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351\n __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62\n __list_del_entry include/linux/list.h:134 [inline]\n list_del_init include/linux/list.h:206 [inline]\n f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553\n f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588\n f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706\n f2fs_write_inode+0x416/0x790 fs/f2fs/inode.c:734\n write_inode fs/fs-writeback.c:1460 [inline]\n __writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677\n writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903\n __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974\n wb_writeback+0x3da/0xa00 fs/fs-writeback.c:2081\n wb_check_background_flush fs/fs-writeback.c:2151 [inline]\n wb_do_writeback fs/fs-writeback.c:2239 [inline]\n wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266\n process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299\n worker_thread+0xa60/0x1260 kernel/workqueue.c:2446\n kthread+0x26d/0x300 kernel/kthread.c:386\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\n \u003c/TASK\u003e\n\nAllocated by task 298:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x4b/0x70 mm/kasan/common.c:52\n kasan_save_alloc_info+0x1f/0x30 mm/kasan/generic.c:505\n __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:333\n kasan_slab_alloc include/linux/kasan.h:202 [inline]\n slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:768\n slab_alloc_node mm/slub.c:3421 [inline]\n slab_alloc mm/slub.c:3431 [inline]\n __kmem_cache_alloc_lru mm/slub.c:3438 [inline]\n kmem_cache_alloc_lru+0x102/0x270 mm/slub.c:3454\n alloc_inode_sb include/linux/fs.h:3255 [inline]\n f2fs_alloc_inode+0x2d/0x350 fs/f2fs/super.c:1437\n alloc_inode fs/inode.c:261 [inline]\n iget_locked+0x18c/0x7e0 fs/inode.c:1373\n f2fs_iget+0x55/0x4ca0 fs/f2fs/inode.c:486\n f2fs_lookup+0x3c1/0xb50 fs/f2fs/namei.c:484\n __lookup_slow+0x2b9/0x3e0 fs/namei.c:1689\n lookup_slow+0x5a/0x80 fs/namei.c:1706\n walk_component+0x2e7/0x410 fs/namei.c:1997\n lookup_last fs/namei.c:2454 [inline]\n path_lookupat+0x16d/0x450 fs/namei.c:2478\n filename_lookup+0x251/0x600 fs/namei.c:2507\n vfs_statx+0x107/0x4b0 fs/stat.c:229\n vfs_fstatat fs/stat.c:267 [inline]\n vfs_lstat include/linux/fs.h:3434 [inline]\n __do_sys_newlstat fs/stat.c:423 [inline]\n __se_sys_newlstat+0xda/0x7c0 fs/stat.c:417\n __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417\n x64_sys_call+0x52/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x3b/0x80 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x68/0xd2\n\nFreed by task 0:\n kasan_save_stack mm/kasan/common.c:45 [inline]\n kasan_set_track+0x4b/0x70 mm/kasan/common.c:52\n kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:516\n ____kasan_slab_free+0x131/0x180 mm/kasan/common.c:241\n __kasan_slab_free+0x11/0x20 mm/kasan/common.c:249\n kasan_slab_free include/linux/kasan.h:178 [inline]\n slab_free_hook mm/slub.c:1745 [inline]\n slab_free_freelist_hook mm/slub.c:1771 [inline]\n slab_free mm/slub.c:3686 [inline]\n kmem_cache_free+0x\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:43:57.429Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/37e78cad7e9e025e63bb35bc200f44637b009bb1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dcd830c420f2190ae32f03626039fde7b57b2ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/1edf68272b8cba2b2817ef1488ecb9f0f84cb6a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/917ae5e280bc263f56c83fba0d0f0be2c4828083"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d37cadaac1a8e108e576297aab9125b24ea2dfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/dea243f58a8391e76f42ad5eb59ff210519ee772"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4b0cc9e0bba7525a29f37714e88df12a47997a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/6cac47af39b2b8edbb41d47c3bd9c332f83e9932"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c30d79930132466f5be7d0b57add14d1a016bda"
        }
      ],
      "title": "f2fs: fix to avoid UAF in f2fs_sync_inode_meta()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38578",
    "datePublished": "2025-08-19T17:03:01.483Z",
    "dateReserved": "2025-04-16T04:51:24.026Z",
    "dateUpdated": "2025-08-28T14:43:57.429Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38578\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-08-19T17:15:34.870\",\"lastModified\":\"2025-08-28T15:15:54.133\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nf2fs: fix to avoid UAF in f2fs_sync_inode_meta()\\n\\nsyzbot reported an UAF issue as below: [1] [2]\\n\\n[1] https://syzkaller.appspot.com/text?tag=CrashReport\u0026x=16594c60580000\\n\\n==================================================================\\nBUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62\\nRead of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8\\n\\nCPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G        W          6.1.129-syzkaller-00017-g642656a36791 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\\nWorkqueue: writeback wb_workfn (flush-7:0)\\nCall Trace:\\n \u003cTASK\u003e\\n __dump_stack lib/dump_stack.c:88 [inline]\\n dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106\\n print_address_description mm/kasan/report.c:316 [inline]\\n print_report+0x158/0x4e0 mm/kasan/report.c:427\\n kasan_report+0x13c/0x170 mm/kasan/report.c:531\\n __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351\\n __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62\\n __list_del_entry include/linux/list.h:134 [inline]\\n list_del_init include/linux/list.h:206 [inline]\\n f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553\\n f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588\\n f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706\\n f2fs_write_inode+0x416/0x790 fs/f2fs/inode.c:734\\n write_inode fs/fs-writeback.c:1460 [inline]\\n __writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677\\n writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903\\n __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974\\n wb_writeback+0x3da/0xa00 fs/fs-writeback.c:2081\\n wb_check_background_flush fs/fs-writeback.c:2151 [inline]\\n wb_do_writeback fs/fs-writeback.c:2239 [inline]\\n wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266\\n process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299\\n worker_thread+0xa60/0x1260 kernel/workqueue.c:2446\\n kthread+0x26d/0x300 kernel/kthread.c:386\\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295\\n \u003c/TASK\u003e\\n\\nAllocated by task 298:\\n kasan_save_stack mm/kasan/common.c:45 [inline]\\n kasan_set_track+0x4b/0x70 mm/kasan/common.c:52\\n kasan_save_alloc_info+0x1f/0x30 mm/kasan/generic.c:505\\n __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:333\\n kasan_slab_alloc include/linux/kasan.h:202 [inline]\\n slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:768\\n slab_alloc_node mm/slub.c:3421 [inline]\\n slab_alloc mm/slub.c:3431 [inline]\\n __kmem_cache_alloc_lru mm/slub.c:3438 [inline]\\n kmem_cache_alloc_lru+0x102/0x270 mm/slub.c:3454\\n alloc_inode_sb include/linux/fs.h:3255 [inline]\\n f2fs_alloc_inode+0x2d/0x350 fs/f2fs/super.c:1437\\n alloc_inode fs/inode.c:261 [inline]\\n iget_locked+0x18c/0x7e0 fs/inode.c:1373\\n f2fs_iget+0x55/0x4ca0 fs/f2fs/inode.c:486\\n f2fs_lookup+0x3c1/0xb50 fs/f2fs/namei.c:484\\n __lookup_slow+0x2b9/0x3e0 fs/namei.c:1689\\n lookup_slow+0x5a/0x80 fs/namei.c:1706\\n walk_component+0x2e7/0x410 fs/namei.c:1997\\n lookup_last fs/namei.c:2454 [inline]\\n path_lookupat+0x16d/0x450 fs/namei.c:2478\\n filename_lookup+0x251/0x600 fs/namei.c:2507\\n vfs_statx+0x107/0x4b0 fs/stat.c:229\\n vfs_fstatat fs/stat.c:267 [inline]\\n vfs_lstat include/linux/fs.h:3434 [inline]\\n __do_sys_newlstat fs/stat.c:423 [inline]\\n __se_sys_newlstat+0xda/0x7c0 fs/stat.c:417\\n __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417\\n x64_sys_call+0x52/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7\\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\\n do_syscall_64+0x3b/0x80 arch/x86/entry/common.c:81\\n entry_SYSCALL_64_after_hwframe+0x68/0xd2\\n\\nFreed by task 0:\\n kasan_save_stack mm/kasan/common.c:45 [inline]\\n kasan_set_track+0x4b/0x70 mm/kasan/common.c:52\\n kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:516\\n ____kasan_slab_free+0x131/0x180 mm/kasan/common.c:241\\n __kasan_slab_free+0x11/0x20 mm/kasan/common.c:249\\n kasan_slab_free include/linux/kasan.h:178 [inline]\\n slab_free_hook mm/slub.c:1745 [inline]\\n slab_free_freelist_hook mm/slub.c:1771 [inline]\\n slab_free mm/slub.c:3686 [inline]\\n kmem_cache_free+0x\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: correcci\u00f3n para evitar UAF en f2fs_sync_inode_meta() syzbot inform\u00f3 un problema de UAF como el siguiente: [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport\u0026amp;x=16594c60580000 ===================================================================== ERROR: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 Read of size 8 at addr ffff888100567dc8 by task kworker/u4:0/8 CPU: 1 PID: 8 Comm: kworker/u4:0 Tainted: G W 6.1.129-syzkaller-00017-g642656a36791 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Workqueue: writeback wb_workfn (flush-7:0) Call Trace:  __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [inline] print_report+0x158/0x4e0 mm/kasan/report.c:427 kasan_report+0x13c/0x170 mm/kasan/report.c:531 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351 __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 __list_del_entry include/linux/list.h:134 [inline] list_del_init include/linux/list.h:206 [inline] f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553 f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588 f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706 f2fs_write_inode+0x416/0x790 fs/f2fs/inode.c:734 write_inode fs/fs-writeback.c:1460 [inline] __writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677 writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903 __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974 wb_writeback+0x3da/0xa00 fs/fs-writeback.c:2081 wb_check_background_flush fs/fs-writeback.c:2151 [inline] wb_do_writeback fs/fs-writeback.c:2239 [inline] wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266 process_one_work+0x73d/0xcb0 kernel/workqueue.c:2299 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446 kthread+0x26d/0x300 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295  Allocated by task 298: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_alloc_info+0x1f/0x30 mm/kasan/generic.c:505 __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:333 kasan_slab_alloc include/linux/kasan.h:202 [inline] slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:768 slab_alloc_node mm/slub.c:3421 [inline] slab_alloc mm/slub.c:3431 [inline] __kmem_cache_alloc_lru mm/slub.c:3438 [inline] kmem_cache_alloc_lru+0x102/0x270 mm/slub.c:3454 alloc_inode_sb include/linux/fs.h:3255 [inline] f2fs_alloc_inode+0x2d/0x350 fs/f2fs/super.c:1437 alloc_inode fs/inode.c:261 [inline] iget_locked+0x18c/0x7e0 fs/inode.c:1373 f2fs_iget+0x55/0x4ca0 fs/f2fs/inode.c:486 f2fs_lookup+0x3c1/0xb50 fs/f2fs/namei.c:484 __lookup_slow+0x2b9/0x3e0 fs/namei.c:1689 lookup_slow+0x5a/0x80 fs/namei.c:1706 walk_component+0x2e7/0x410 fs/namei.c:1997 lookup_last fs/namei.c:2454 [inline] path_lookupat+0x16d/0x450 fs/namei.c:2478 filename_lookup+0x251/0x600 fs/namei.c:2507 vfs_statx+0x107/0x4b0 fs/stat.c:229 vfs_fstatat fs/stat.c:267 [inline] vfs_lstat include/linux/fs.h:3434 [inline] __do_sys_newlstat fs/stat.c:423 [inline] __se_sys_newlstat+0xda/0x7c0 fs/stat.c:417 __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417 x64_sys_call+0x52/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x3b/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 Freed by task 0: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:516 ____kasan_slab_free+0x131/0x180 mm/kasan/common.c:241 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:249 kasan_slab_free include/linux/kasan.h:178 [inline] slab_free_hook mm/slub.c:1745 [inline] slab_free_freelist_hook mm/slub.c:1771 [inline] slab_free mm/slub.c:3686 [inline] kmem_cache_free+0x ---truncado---\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1edf68272b8cba2b2817ef1488ecb9f0f84cb6a0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/37e78cad7e9e025e63bb35bc200f44637b009bb1\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/3d37cadaac1a8e108e576297aab9125b24ea2dfe\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/4dcd830c420f2190ae32f03626039fde7b57b2ad\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6cac47af39b2b8edbb41d47c3bd9c332f83e9932\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/7c30d79930132466f5be7d0b57add14d1a016bda\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/917ae5e280bc263f56c83fba0d0f0be2c4828083\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a4b0cc9e0bba7525a29f37714e88df12a47997a2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dea243f58a8391e76f42ad5eb59ff210519ee772\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.