CVE-2026-23265
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 18/03/2026
Last modified: 19/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on node footer in {read,write}_end_io

-----------[ cut here ]------------
kernel BUG at fs/f2fs/data.c:358!
Call Trace:

blk_update_request+0x5eb/0xe70 block/blk-mq.c:987
blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149
blk_complete_reqs block/blk-mq.c:1224 [inline]
blk_done_softirq+0x107/0x160 block/blk-mq.c:1229
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050

In f2fs_write_end_io(), it detects that there is an inconsistency between
the node page index (nid) and footer.nid of the node page.

If the footer of a node page is corrupted in a fuzzed image, and we then load
the corrupted node page w/ an async method, e.g. f2fs_ra_node_pages() or
f2fs_ra_node_page(), where we won't do a sanity check on the node footer, then
once the node page becomes dirty, we will encounter this bug after node page
writeback.
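
The sequence described above as a user-space model, added here as an illustration and not taken from the kernel source or from the fix itself: a node block whose footer.nid disagrees with the page index is either accepted at read completion and caught only at writeback, or rejected at read completion when the footer is checked there. The struct, the function names, the 4096-byte block size and the 24-byte footer with nid as its first little-endian field are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BLKSIZE     4096u   /* assumed f2fs block size */
#define FOOTER_SIZE 24u     /* assumed: nid, ino, flag, cp_ver, next_blkaddr */

struct node_page {          /* hypothetical stand-in for a cached node page */
    uint8_t  data[BLKSIZE];
    uint32_t index;         /* nid the page cache indexed this block under */
    bool     uptodate, dirty;
};

/* footer.nid: first little-endian u32 of the trailing footer. */
static uint32_t footer_nid(const struct node_page *p) {
    const uint8_t *f = p->data + BLKSIZE - FOOTER_SIZE;
    return f[0] | (uint32_t)f[1] << 8 | (uint32_t)f[2] << 16 | (uint32_t)f[3] << 24;
}

/* Read completion. sanity_check=false models the async load that accepts
 * the block unchecked; true rejects a mismatched footer before use. */
static int read_end_io(struct node_page *p, bool sanity_check) {
    if (sanity_check && footer_nid(p) != p->index)
        return -1;          /* page never becomes uptodate or dirty */
    p->uptodate = true;
    return 0;
}

/* Write completion: the nid vs footer.nid comparison; -1 on mismatch. */
static int write_end_io(const struct node_page *p) {
    return footer_nid(p) == p->index ? 0 : -1;
}

/* One page through read, dirty, writeback.
 * Returns 0 = consistent, 1 = rejected at read, 2 = mismatch hit writeback. */
static int lifecycle(uint32_t index, uint32_t nid_on_disk, bool sanity_check) {
    struct node_page p = { .index = index };
    for (int i = 0; i < 4; i++)   /* constructed on-disk footer.nid */
        p.data[BLKSIZE - FOOTER_SIZE + i] = (uint8_t)(nid_on_disk >> (8 * i));
    if (read_end_io(&p, sanity_check) < 0)
        return 1;
    p.dirty = true;
    return write_end_io(&p) == 0 ? 0 : 2;
}

int main(void) {
    printf("%d %d %d\n", lifecycle(5, 5, false), lifecycle(5, 7, false),
           lifecycle(5, 7, true));
    return 0;
}
```

Return value 2 corresponds to the point where the trace above shows the kernel BUG in the write completion path; return value 1 is the corrupted block being refused before it can be dirtied.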



