4.7
CVE-2026-46194
- EPSS 0.09%
- Veröffentlicht 28.05.2026 09:36:47
- Zuletzt bearbeitet 10.06.2026 19:19:50
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
f2fs: fix node_cnt race between extent node destroy and writeback
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix node_cnt race between extent node destroy and writeback
f2fs_destroy_extent_node() does not set FI_NO_EXTENT before clearing
extent nodes. When called from f2fs_drop_inode() with I_SYNC set,
concurrent kworker writeback can insert new extent nodes into the same
extent tree, racing with the destroy and triggering f2fs_bug_on() in
__destroy_extent_node(). The scenario is as follows:
drop inode writeback
- iput
- f2fs_drop_inode // I_SYNC set
- f2fs_destroy_extent_node
- __destroy_extent_node
- while (node_cnt) {
write_lock(&et->lock)
__free_extent_tree
write_unlock(&et->lock)
- __writeback_single_inode
- f2fs_outplace_write_data
- f2fs_update_read_extent_cache
- __update_extent_tree_range
// FI_NO_EXTENT not set,
// insert new extent node
} // node_cnt == 0, exit while
- f2fs_bug_on(node_cnt) // node_cnt > 0
Additionally, __update_extent_tree_range() only checks FI_NO_EXTENT for
EX_READ type, leaving EX_BLOCK_AGE updates completely unprotected.
This patch set FI_NO_EXTENT under et->lock in __destroy_extent_node(),
consistent with other callers (__update_extent_tree_range and
__drop_extent_tree) and check FI_NO_EXTENT for both EX_READ and
EX_BLOCK_AGE tree.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.6.66 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.12.5 < 6.12.88
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.30
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.007 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
https://git.kernel.org/stable/c/42dd1c91f993431d0b399502479d00e6ad1bca71
https://git.kernel.org/stable/c/ab1eaf9d5c99042f5b0243bf67a06283a4c0757f
https://git.kernel.org/stable/c/b0e4395870eb3441ddc959f6710b5f6ca61aff26
https://git.kernel.org/stable/c/0559a0e962aacbb47519e26ee663be04b72dcb92
https://git.kernel.org/stable/c/ed78aeebef05212ef7dca93bd931e4eff67c113f