CVE-2025-38163
- Source
- https://cve.org/CVERecord?id=CVE-2025-38163
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38163.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38163
- Downstream
- Related
- Published
- 2025-07-03T08:36:04.397Z
- Modified
- 2026-03-20T12:42:42.962032Z
- Summary
- f2fs: fix to do sanity check on sbi->total_valid_block_count
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on sbi->totalvalidblock_count
syzbot reported a f2fs bug as below:
------------[ cut here ]------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:decvalidblockcount+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call Trace: f2fstruncatedatablocksrange+0xc8c/0x11a0 fs/f2fs/file.c:695 truncatednode+0x417/0x740 fs/f2fs/node.c:973 truncatenodes+0x3ec/0xf50 fs/f2fs/node.c:1014 f2fstruncateinodeblocks+0x8e3/0x1370 fs/f2fs/node.c:1197 f2fsdotruncateblocks+0x840/0x12b0 fs/f2fs/file.c:810 f2fstruncateblocks+0x10d/0x300 fs/f2fs/file.c:838 f2fstruncate+0x417/0x720 fs/f2fs/file.c:888 f2fssetattr+0xc4f/0x12f0 fs/f2fs/file.c:1112 notifychange+0xbca/0xe90 fs/attr.c:552 dotruncate+0x222/0x310 fs/open.c:65 handletruncate fs/namei.c:3466 [inline] doopen fs/namei.c:3849 [inline] pathopenat+0x2e4f/0x35d0 fs/namei.c:4004 dofilpopen+0x284/0x4e0 fs/namei.c:4031 dosysopenat2+0x12b/0x1d0 fs/open.c:1429 dosysopen fs/open.c:1444 [inline] __dosyscreat fs/open.c:1522 [inline] __sesyscreat fs/open.c:1516 [inline] __x64syscreat+0x124/0x170 fs/open.c:1516 dosyscallx64 arch/x86/entry/syscall64.c:63 [inline] dosyscall64+0xf3/0x230 arch/x86/entry/syscall64.c:94
The reason is: in fuzzed image, sbi->totalvalidblock_count is inconsistent w/ mapped blocks indexed by inode, so, we should not trigger panic for such case, instead, let's print log and set fsck flag.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38163.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/05872a167c2cab80ef186ef23cc34a6776a1a30c
- https://git.kernel.org/stable/c/25f3776b58c1c45ad2e50ab4b263505b4d2378ca
- https://git.kernel.org/stable/c/49bc7bf38e42cfa642787e947f5721696ea73ac3
- https://git.kernel.org/stable/c/65b3f76592aed5a43c4d79375ac097acf975972b
- https://git.kernel.org/stable/c/6a324d77f7ea1a91d55c4b6ad970e3ac9ab6a20d
- https://git.kernel.org/stable/c/a39cc43efc1bca74ed9d6cf9e60b995071f7d178
- https://git.kernel.org/stable/c/ccc28c0397f75a3ec9539cceed9db014d7b73869
- https://git.kernel.org/stable/c/f1b743c1955151bd392539b739a3ad155296be13
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38163.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38163
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced39a53e0ce0df01b3cf4bb898c7ae2fd2189647d5Fixed49bc7bf38e42cfa642787e947f5721696ea73ac3Fixedf1b743c1955151bd392539b739a3ad155296be13Fixed6a324d77f7ea1a91d55c4b6ad970e3ac9ab6a20dFixed25f3776b58c1c45ad2e50ab4b263505b4d2378caFixeda39cc43efc1bca74ed9d6cf9e60b995071f7d178Fixed65b3f76592aed5a43c4d79375ac097acf975972bFixedccc28c0397f75a3ec9539cceed9db014d7b73869Fixed05872a167c2cab80ef186ef23cc34a6776a1a30c