CVE-2025-68772

Source
https://cve.org/CVERecord?id=CVE-2025-68772
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68772.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-68772
Downstream
Related
Published
2026-01-13T15:28:49.924Z
Modified
2026-03-12T04:31:57.112702Z
Summary
f2fs: fix to avoid updating compression context during writeback
Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid updating compression context during writeback

Bai, Shuangpeng sjb7183@psu.edu reported a bug as below:

Oops: divide error: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 11441 Comm: syz.0.46 Not tainted 6.17.0 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
RIP: 0010:f2fs_all_cluster_page_ready+0x106/0x550 fs/f2fs/compress.c:857
Call Trace:
 <TASK>
 f2fs_write_cache_pages fs/f2fs/data.c:3078 [inline]
 __f2fs_write_data_pages fs/f2fs/data.c:3290 [inline]
 f2fs_write_data_pages+0x1c19/0x3600 fs/f2fs/data.c:3317
 do_writepages+0x38e/0x640 mm/page-writeback.c:2634
 filemap_fdatawrite_wbc mm/filemap.c:386 [inline]
 __filemap_fdatawrite_range mm/filemap.c:419 [inline]
 file_write_and_wait_range+0x2ba/0x3e0 mm/filemap.c:794
 f2fs_do_sync_file+0x6e6/0x1b00 fs/f2fs/file.c:294
 generic_write_sync include/linux/fs.h:3043 [inline]
 f2fs_file_write_iter+0x76e/0x2700 fs/f2fs/file.c:5259
 new_sync_write fs/read_write.c:593 [inline]
 vfs_write+0x7e9/0xe00 fs/read_write.c:686
 ksys_write+0x19d/0x2d0 fs/read_write.c:738
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xf7/0x470 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

The bug was triggered w/ below race condition:

fsync                                setattr                     ioctl
- f2fs_do_sync_file
 - file_write_and_wait_range
  - f2fs_write_cache_pages
  : inode is non-compressed
  : cc.cluster_size = F2FS_I(inode)->i_cluster_size = 0
   - tag_pages_for_writeback
                                     - f2fs_setattr
                                      - truncate_setsize
                                       - f2fs_truncate
                                                                 - f2fs_fileattr_set
                                                                  - f2fs_setflags_common
                                                                   - set_compress_context
                                                                   : F2FS_I(inode)->i_cluster_size = 4
                                                                   : set_inode_flag(inode, FI_COMPRESSED_FILE)
   - f2fs_compressed_file
   : return true
   - f2fs_all_cluster_page_ready
   : "pgidx % cc->cluster_size" trigger dividing 0 issue

Let's change as below to fix this issue:
- introduce a new atomic type variable .writeback in structure f2fs_inode_info to track the number of threads which calling f2fs_write_cache_pages().
- use .i_sem lock to protect .writeback update.
- check .writeback before update compression context in f2fs_setflags_common() to avoid race w/ ->writepages.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68772.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
4c8ff7095bef64fc47e996a938f7d57f9e077da3
Fixed
ad26bfbc085c939b5dca77ff8c14798c06d151c4
Fixed
bcd0086ee5a2e88c1224ff2ec1e4a43c83efe5a0
Fixed
0bf1a02494c7eb5bd43445de4c83c8592e02c4bf
Fixed
0df713a9c082a474c8b0bcf670edc8e98461d5a0
Fixed
10b591e7fb7cdc8c1e53e9c000dc0ef7069aaa76

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68772.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
6.1.160
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.120
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.64
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68772.json"