CVE-2025-22123

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been identified, specifically in the f2fs filesystem. The issue arises when the f2fs write inode function fails to check the CP ERROR FLAG flag, leading to the access of an invalid curseg->segno value. This can result in a panic. The vulnerability is triggered when no free segment fault occurs in the allocator, causing curseg->segno to be updated to NULL SEGNO. Technical details about the issue include the involvement of functions such as f2fs is checkpoint ready, has enough free secs, has not enough free secs, get secs required, has curseg enough space, and get ckpt valid blocks.

Recommendations To resolve the issue, check the CP ERROR FLAG flag prior to calling f2fs is checkpoint ready in f2fs write inode. Additionally, in has curseg enough space, save curseg->segno into a temporary variable and verify its validation before use. At the moment, there is no information about a newer version that contains a fix for this vulnerability.