CVE-2025-71107

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.17.0-rc5-xfstests-g9dd1835ecda5

Description A flaw exists in the Linux kernel's F2FS filesystem implementation where the f2fs put super() function may be called before all node page reads are completed. This can lead to filesystem reference count leaks during unmount operations and potentially cause system crashes, as demonstrated by crashes in Xfstests generic/335 and generic/336. The issue occurs because f2fs put super() is invoked prematurely, before all node pages have finished reading. Adding a call to f2fs wait on all pages() for F2FS RD NODE resolves the problem.

Recommendations Update to a version of the Linux kernel after 6.17.0-rc5-xfstests-g9dd1835ecda5.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-911

Related Identifiers

BDU:2026-01598

CVE-2025-71107

MGASA-2026-0017

MGASA-2026-0018

USN-8177-1

USN-8177-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8183-1

USN-8183-2

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8245-1

USN-8257-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

F2Fs

Linuxmint

Linux Kernel

Ubuntu

Xfstests

CVE-2025-71107

Weakness Enumeration

Related Identifiers

Affected Products

References · 716