{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T16:10:17.215","vulnerabilities":[{"cve":{"id":"CVE-2025-38218","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-07-04T14:15:30.353","lastModified":"2025-12-18T20:00:23.507","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on sit_bitmap_size\n\nw/ below testcase, resize will generate a corrupted image which\ncontains inconsistent metadata, so when mounting such image, it\nwill trigger kernel panic:\n\ntouch img\ntruncate -s $((512*1024*1024*1024)) img\nmkfs.f2fs -f img $((256*1024*1024))\nresize.f2fs -s -i img -t $((1024*1024*1024))\nmount img /mnt/f2fs\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.h:863!\nOops: invalid opcode: 0000 [#1] SMP PTI\nCPU: 11 UID: 0 PID: 3922 Comm: mount Not tainted 6.15.0-rc1+ #191 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:f2fs_ra_meta_pages+0x47c/0x490\n\nCall Trace:\n f2fs_build_segment_manager+0x11c3/0x2600\n f2fs_fill_super+0xe97/0x2840\n mount_bdev+0xf4/0x140\n legacy_get_tree+0x2b/0x50\n vfs_get_tree+0x29/0xd0\n path_mount+0x487/0xaf0\n __x64_sys_mount+0x116/0x150\n do_syscall_64+0x82/0x190\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7fdbfde1bcfe\n\nThe reaseon is:\n\nsit_i->bitmap_size is 192, so size of sit bitmap is 192*8=1536, at maximum\nthere are 1536 sit blocks, however MAIN_SEGS is 261893, so that sit_blk_cnt\nis 4762, build_sit_entries() -> current_sit_addr() tries to access\nout-of-boundary in sit_bitmap at offset from [1536, 4762), once sit_bitmap\nand sit_bitmap_mirror is not the same, it will trigger f2fs_bug_on().\n\nLet's add sanity check in f2fs_sanity_check_ckpt() to avoid panic."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para realizar una comprobación de cordura en sit_bitmap_size con el siguiente caso de prueba, el cambio de tamaño generará una imagen dañada que contiene metadatos inconsistentes, por lo que al montar dicha imagen, activará el pánico del kernel: touch img truncate -s $((512*1024*1024*1024)) img mkfs.f2fs -f img $((256*1024*1024)) resize.f2fs -s -i img -t $((1024*1024*1024)) mount img /mnt/f2fs ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.h:863! Oops: invalid opcode: 0000 [#1] SMP PTI CPU: 11 UID: 0 PID: 3922 Comm: mount Not tainted 6.15.0-rc1+ #191 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:f2fs_ra_meta_pages+0x47c/0x490 Call Trace: f2fs_build_segment_manager+0x11c3/0x2600 f2fs_fill_super+0xe97/0x2840 mount_bdev+0xf4/0x140 legacy_get_tree+0x2b/0x50 vfs_get_tree+0x29/0xd0 path_mount+0x487/0xaf0 __x64_sys_mount+0x116/0x150 do_syscall_64+0x82/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fdbfde1bcfe La razón es: sit_i->bitmap_size es 192, por lo que el tamaño del mapa de bits sit es 192*8=1536, como máximo hay 1536 bloques sit, sin embargo MAIN_SEGS es 261893, por lo que sit_blk_cnt es 4762, build_sit_entries() -> current_sit_addr() intenta acceder fuera de los límites en sit_bitmap en el desplazamiento de [1536, 4762), si sit_bitmap y sit_bitmap_mirror no coinciden, se activará f2fs_bug_on(). Agreguemos una comprobación de validez en f2fs_sanity_check_ckpt() para evitar problemas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.239","matchCriteriaId":"1C6FE3C4-6011-4190-B535-C67405D7E952"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.186","matchCriteriaId":"D96F2C0D-0D4A-4658-AD34-D8A626EA422D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"6.1.142","matchCriteriaId":"459B4E94-FE0E-434D-B782-95E3A5FFC6B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.95","matchCriteriaId":"C5E01853-7048-4D78-9479-9AEE41AC8456"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.12.35","matchCriteriaId":"E569FD34-0076-4428-BE17-EECCF867611C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.15.4","matchCriteriaId":"DFD174C5-1AA2-4671-BDDC-1A9FCC753655"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/38ef48a8afef8df646b6f6ae7abb872f18b533c1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3e5ac62a56a24f4d88ce8ffd7bc452428b235868","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5db0d252c64e91ba1929c70112352e85dc5751e7","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/79ef8a6c4ec53d327580fd7d2b522cf4f1d05b0c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/82f51bff393e4c12cf4de553120ca831cfa4ef19","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ad862f71016ba38039df1c96ed55c0a4314cc183","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ee1b421c469876544e297ec1090574bd76100247","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}