CVE-2025-38219

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38219
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38219.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38219
Downstream
Published
2025-07-04T13:37:35.984Z
Modified
2026-05-15T11:53:37.384119400Z
Summary
f2fs: prevent kernel warning due to negative i_nlink from corrupted image
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: prevent kernel warning due to negative i_nlink from corrupted image

WARNING: CPU: 1 PID: 9426 at fs/inode.c:417 dropnlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Modules linked in: CPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted 6.14.0-12627-g94d471a4f428 #2 PREEMPT(full) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:dropnlink+0xac/0xd0 home/cc/linux/fs/inode.c:417 Code: 48 8b 5d 28 be 08 00 00 00 48 8d bb 70 07 00 00 e8 f9 67 e6 ff f0 48 ff 83 70 07 00 00 5b 5d e9 9a 12 82 ff e8 95 12 82 ff 90 <0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 83 12 82 ff e8 fe 5f e6 ff RSP: 0018:ffffc900026b7c28 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8239710f RDX: ffff888041345a00 RSI: ffffffff8239717b RDI: 0000000000000005 RBP: ffff888054509ad0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff9ab36f08 R12: ffff88804bb40000 R13: ffff8880545091e0 R14: 0000000000008000 R15: ffff8880545091e0 FS: 000055555d0c5880(0000) GS:ffff8880eb3e3000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f915c55b178 CR3: 0000000050d20000 CR4: 0000000000352ef0 Call Trace: <task> f2fsilinkswrite home/cc/linux/fs/f2fs/f2fs.h:3194 [inline] f2fsdropnlink+0xd1/0x3c0 home/cc/linux/fs/f2fs/dir.c:845 f2fsdeleteentry+0x542/0x1450 home/cc/linux/fs/f2fs/dir.c:909 f2fsunlink+0x45c/0x890 home/cc/linux/fs/f2fs/namei.c:581 vfsunlink+0x2fb/0x9b0 home/cc/linux/fs/namei.c:4544 dounlinkat+0x4c5/0x6a0 home/cc/linux/fs/namei.c:4608 __dosysunlink home/cc/linux/fs/namei.c:4654 [inline] __sesysunlink home/cc/linux/fs/namei.c:4652 [inline] _x64sysunlink+0xc5/0x110 home/cc/linux/fs/namei.c:4652 dosyscallx64 home/cc/linux/arch/x86/entry/syscall64.c:63 [inline] dosyscall64+0xc7/0x250 home/cc/linux/arch/x86/entry/syscall64.c:94 entrySYSCALL64afterhwframe+0x77/0x7f RIP: 0033:0x7fb3d092324b Code: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffdc232d938 EFLAGS: 00000206 ORIGRAX: 0000000000000057 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3d092324b RDX: 00007ffdc232d960 RSI: 00007ffdc232d960 RDI: 00007ffdc232d9f0 RBP: 00007ffdc232d9f0 R08: 0000000000000001 R09: 00007ffdc232d7c0 R10: 00000000fffffffd R11: 0000000000000206 R12: 00007ffdc232eaf0 R13: 000055555d0cebb0 R14: 00007ffdc232d958 R15: 0000000000000001 </task>

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38219.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.8.0
Fixed
5.4.295
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.239
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.186
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.142
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.95
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.35
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38219.json"