PT-2025-18420 · Linux+5 · Linux Kernel+5
Published: 2025-03-04 · Updated: 2026-04-20
CVE-2025-37739
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.14.0-rc3-syzkaller-00060-g6537cfb395f3
Description
The issue is related to an out-of-bounds access in the f2fs_truncate_inode_blocks() function. The problem occurs when get_nid() tries to access an array with an index that is out of range. This happens when f2fs_do_truncate_blocks() attempts to truncate the inode size to zero, but dn.ofs_in_node is zero and dn.node_page is not an inode page. As a result, f2fs_truncate_inode_blocks() receives a zeroed free_from value, leading to the out-of-bounds access issue. The estimated number of potentially affected devices is not provided.
Recommendations
To resolve the issue, apply the fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks(). Add a sanity check to ensure that dn.node_page is an inode page before attempting to truncate the inode size to zero. As a temporary workaround, consider adding a check for dn.ofs_in_node and IS_INODE(dn.node_page) before calling f2fs_truncate_data_blocks_range() and updating free_from. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Validation of Array Index
Out-of-bounds Read
Affected Products
Astra Linux
Debian
Linux Mint
Linux Kernel
RED OS
Ubuntu