CVE-2026-23265

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to do sanity check on node footer in {read,write} end io

-----------[ cut here ]------------ kernel BUG at fs/f2fs/data.c:358! Call Trace: blk update request+0x5eb/0xe70 block/blk-mq.c:987 blk mq end request+0x3e/0x70 block/blk-mq.c:1149 blk complete reqs block/blk-mq.c:1224 [inline] blk done softirq+0x107/0x160 block/blk-mq.c:1229 handle softirqs+0x283/0x870 kernel/softirq.c:579 do softirq kernel/softirq.c:613 [inline] invoke softirq kernel/softirq.c:453 [inline] irq exit rcu+0xca/0x1f0 kernel/softirq.c:680 irq exit rcu+0x9/0x30 kernel/softirq.c:696 instr sysvec apic timer interrupt arch/x86/kernel/apic/apic.c:1050 [inline] sysvec apic timer interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1050

In f2fs write end io(), it detects there is inconsistency in between node page index (nid) and footer.nid of node page.

If footer of node page is corrupted in fuzzed image, then we load corrupted node page w/ async method, e.g. f2fs ra node pages() or f2fs ra node page(), in where we won't do sanity check on node footer, once node page becomes dirty, we will encounter this bug after node page writeback.