QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-31715

Back to search

CVE-2026-31715

Published: May 1, 2026

Modified: May 17, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is as follows: F2FS_WB_CP_DATA write callback umount - f2fs_write_checkpoint - f2fs_wait_on_all_pages(sbi, F2FS_WB_CP_DATA) - blk_mq_end_request - bio_endio - f2fs_write_end_io : dec_page_count(sbi, F2FS_WB_CP_DATA) : wake_up(&sbi->cp_wait) - kill_f2fs_super - kill_block_super - f2fs_put_super : iput(sbi->node_inode) : sbi->node_inode = NULL : f2fs_in_warm_node_list - is_node_folio // sbi->node_inode is NULL and panic The root cause is that f2fs_put_super() calls iput(sbi->node_inode) and sets sbi->node_inode to NULL after sbi->nr_pages[F2FS_WB_CP_DATA] is decremented to zero. As a result, f2fs_in_warm_node_list() may dereference a NULL node_inode when checking whether a folio belongs to the node inode, leading to a panic. This patch fixes the issue by calling f2fs_in_warm_node_list() before decrementing sbi->nr_pages[F2FS_WB_CP_DATA], thus preventing the use-after-free condition.

VendorProductVersions

Linux

Linux

affected
50fa53eccf9f911a5b435248a2b0bd484fd82e5e - < 1171f329cf1c175321251ac40fd126150d7ad1e8
affected
50fa53eccf9f911a5b435248a2b0bd484fd82e5e - < 7be222de96c0f9eee6e65eeb017ef855ee185cfa
affected
50fa53eccf9f911a5b435248a2b0bd484fd82e5e - < 963d2e24d9d92a31e6773b0f642214f10013ebf7
affected
50fa53eccf9f911a5b435248a2b0bd484fd82e5e - < 188bb65f247a7a7c62f287c9a263aee3cad96fa5
affected
50fa53eccf9f911a5b435248a2b0bd484fd82e5e - < 2d9c4a4ed4eef1f82c5b16b037aee8bad819fd53

Linux

Linux

affected
4.19
unaffected
0 - < 4.19
unaffected
6.6.140 - <= 6.6.*
unaffected
6.12.86 - <= 6.12.*
unaffected
6.18.25 - <= 6.18.*

+2 more versions

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now