In the Linux kernel, the following vulnerability has been resolved:
nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map
The DAT inode's btree node cache (i_assoc_inode) is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map() assumes i_assoc_inode is already initialized when copying dirty pages to the shadow map during GC.
If NILFS_IOCTL_CLEAN_SEGMENTS is called immediately after mount before any btree operation has occurred on the DAT inode, i_assoc_inode is NULL leading to a general protection fault.
Fix this by calling nilfs_attach_btree_node_cache() on the DAT inode in nilfs_dat_read() at mount time, ensuring i_assoc_inode is always initialized before any GC operation can use it.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31577.json"
}