DEBIAN-CVE-2025-38577

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-38577
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38577.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-38577
Upstream
Downstream
Published
2025-08-19T17:15:34Z
Modified
2025-10-15T07:30:52.244447Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fsevictinode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe17473450 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 </TASK> ---[ end trace 0000000000000000 ]--- ================================================================== BUG: KASAN: use-after-free in _listdelentryvalid+0xa6/0x130 lib/listdebug.c:62 Read of size 8 at addr ffff88812d962278 by task syz-executor/564 CPU: 1 PID: 564 Comm: syz-executor Tainted: G W 6.1.129-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 Call Trace: <TASK> _dumpstack+0x21/0x24 lib/dumpstack.c:88 dumpstacklvl+0xee/0x158 lib/dumpstack.c:106 printaddressdescription+0x71/0x210 mm/kasan/report.c:316 printreport+0x4a/0x60 mm/kasan/report.c:427 kasanreport+0x122/0x150 mm/kasan/report.c:531 _asanreportload8noabort+0x14/0x20 mm/kasan/reportgeneric.c:351 _listdelentryvalid+0xa6/0x130 lib/listdebug.c:62 _listdelentry include/linux/list.h:134 [inline] listdelinit include/linux/list.h:206 [inline] f2fsinodesynced+0xf7/0x2e0 fs/f2fs/super.c:1531 f2fsupdateinode+0x74/0x1c40 fs/f2fs/inode.c:585 f2fsupdateinodepage+0x137/0x170 fs/f2fs/inode.c:703 f2fswriteinode+0x4ec/0x770 fs/f2fs/inode.c:731 writeinode fs/fs-writeback.c:1460 [inline] _writebacksingleinode+0x4a0/0xab0 fs/fs-writeback.c:1677 writebacksingleinode+0x221/0x8b0 fs/fs-writeback.c:1733 syncinodemetadata+0xb6/0x110 fs/fs-writeback.c:2789 f2fssyncinodemeta+0x16d/0x2a0 fs/f2fs/checkpoint.c:1159 blockoperations fs/f2fs/checkpoint.c:1269 [inline] f2fswritecheckpoint+0xca3/0x2100 fs/f2fs/checkpoint.c:1658 killf2fssuper+0x231/0x390 fs/f2fs/super.c:4668 deactivatelockedsuper+0x98/0x100 fs/super.c:332 deactivatesuper+0xaf/0xe0 fs/super.c:363 cleanupmnt+0x45f/0x4e0 fs/namespace.c:1186 _cleanupmnt+0x19/0x20 fs/namespace.c:1193 taskworkrun+0x1c6/0x230 kernel/taskwork.c:203 exittaskwork include/linux/taskwork.h:39 [inline] doexit+0x9fb/0x2410 kernel/exit.c:871 dogroupexit+0x210/0x2d0 kernel/exit.c:1021 _dosysexitgroup kernel/exit.c:1032 [inline] _sesysexitgroup kernel/exit.c:1030 [inline] _x64sysexitgroup+0x3f/0x40 kernel/exit.c:1030 x64syscall+0x7b4/0x9a0 arch/x86/include/generated/asm/syscalls64.h:232 dosyscallx64 arch/x86/entry/common.c:51 [inline] dosyscall64+0x4c/0xa0 arch/x86/entry/common.c:81 entrySYSCALL64afterhwframe+0x68/0xd2 RIP: 0033:0x7f28b1b8e169 Code: Unable to access opcode bytes at 0x7f28b1b8e13f. RSP: 002b:00007ffe174710a8 EFLAGS: 00000246 ORIGRAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f28b1c10879 RCX: 00007f28b1b8e169 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 RBP: 0000000000000002 R08: 00007ffe1746ee47 R09: 00007ffe17472360 R10: 0000000000000009 R11: 0000000000000246 R12: 00007ffe17472360 R13: 00007f28b1c10854 R14: 000000000000dae5 R15: 00007ffe17474520 </TASK> Allocated by task 569: kasansavestack mm/kasan/common.c:45 [inline] kasansettrack+0x4b/0x70 mm/kasan/common.c:52 kasansaveallocinfo+0x25/0x30 mm/kasan/generic.c:505 _kasanslaballoc+0x72/0x80 mm/kasan/common.c:328 kasanslaballoc include/linux/kasan.h:201 [inline] slabpostallochook+0x4f/0x2c0 mm/slab.h:737 slaballocnode mm/slub.c:3398 [inline] slaballoc mm/slub.c:3406 [inline] _kmemcachealloclru mm/slub.c:3413 [inline] kmemcachealloclru+0x104/0x220 mm/slub.c:3429 allocinodesb include/linux/fs.h:3245 [inline] f2fsallocinode+0x2d/0x340 fs/f2fs/super.c:1419 allocinode fs/inode.c:261 [inline] igetlocked+0x186/0x880 fs/inode.c:1373 f2fsiget+0x55/0x4c60 fs/f2fs/inode.c:483 f2fslookup+0x366/0xab0 fs/f2fs/namei.c:487 _lookupslow+0x2a3/0x3d0 fs/namei.c:1690 lookupslow+0x57/0x70 fs/namei.c:1707 walk_component+0x2e6/0x410 fs/namei ---truncated---

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.244-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1
5.10.70-1
5.10.84-1
5.10.92-1~bpo10+1
5.10.92-1
5.10.92-2
5.10.103-1~bpo10+1
5.10.103-1
5.10.106-1
5.10.113-1
5.10.120-1~bpo10+1
5.10.120-1
5.10.127-1
5.10.127-2~bpo10+1
5.10.127-2
5.10.136-1
5.10.140-1
5.10.148-1
5.10.149-1
5.10.149-2
5.10.158-1
5.10.158-2
5.10.162-1
5.10.178-1
5.10.178-2
5.10.178-3
5.10.179-1
5.10.179-2
5.10.179-3
5.10.179-4
5.10.179-5
5.10.191-1
5.10.197-1
5.10.205-1
5.10.205-2
5.10.209-1
5.10.209-2
5.10.216-1
5.10.218-1
5.10.221-1
5.10.223-1
5.10.226-1
5.10.234-1
5.10.237-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.148-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.1.112-1
6.1.115-1
6.1.119-1
6.1.123-1
6.1.124-1
6.1.128-1
6.1.129-1
6.1.133-1
6.1.135-1
6.1.137-1
6.1.139-1
6.1.140-1
6.1.147-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.43-1

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.16.3-1

Affected versions

6.*

6.12.38-1
6.12.41-1
6.12.43-1~bpo12+1
6.12.43-1
6.12.48-1
6.13~rc6-1~exp1
6.13~rc7-1~exp1
6.13.2-1~exp1
6.13.3-1~exp1
6.13.4-1~exp1
6.13.5-1~exp1
6.13.6-1~exp1
6.13.7-1~exp1
6.13.8-1~exp1
6.13.9-1~exp1
6.13.10-1~exp1
6.13.11-1~exp1
6.14.3-1~exp1
6.14.5-1~exp1
6.14.6-1~exp1
6.15~rc7-1~exp1
6.15-1~exp1
6.15.1-1~exp1
6.15.2-1~exp1
6.15.3-1~exp1
6.15.4-1~exp1
6.15.5-1~exp1
6.15.6-1~exp1
6.16~rc7-1~exp1
6.16-1~exp1
6.16.1-1~exp1
6.16.3-1~bpo13+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:11 / linux-6.1

Package

Name
linux-6.1
Purl
pkg:deb/debian/linux-6.1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.153-1~deb11u1

Affected versions

6.*

6.1.106-3~deb11u1
6.1.106-3~deb11u2
6.1.106-3~deb11u3
6.1.112-1~deb11u1
6.1.119-1~deb11u1
6.1.128-1~deb11u1
6.1.129-1~deb11u1
6.1.137-1~deb11u1
6.1.140-1~deb11u1
6.1.147-1~deb11u1
6.1.148-1~deb11u1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}