CVE-2025-38579
Published: Aug 19, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `__is_back_mergeable()` via the read extent tree path. The root cause is that `get_read_extent_info()` only initializes three fields (`fofs`, `blk`, `len`) of `struct extent_info`, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during extent merging. Fix it by zero-initializing the `extent_info` struct before population.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 94afd6d6e5253179c9b891d02081cc8355a11768 - < 08e8ab00a6d20d5544c932ee85a297d833895141affected 94afd6d6e5253179c9b891d02081cc8355a11768 - < e68b751ec2b15d866967812c57cfdfc1eba6a269affected 94afd6d6e5253179c9b891d02081cc8355a11768 - < dabfa3952c8e6bfe6414dbf32e8b6c5f349dc898affected 94afd6d6e5253179c9b891d02081cc8355a11768 - < 44a79437309e0ee2276ac17aaedc71253af253a8affected 94afd6d6e5253179c9b891d02081cc8355a11768 - < cc1615d5aba4f396cf412579928539a2b124c8a0+2 more versions |
Linux | Linux | affected 5.15unaffected 0 - < 5.15unaffected 5.15.190 - <= 5.15.*unaffected 6.1.148 - <= 6.1.*unaffected 6.6.102 - <= 6.6.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now