CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

🗓️ 22 Aug 2025 16:00:35Reported by LinuxType

CVE-2025-38627: f2fs compress fix UAF of inode in f2fs_free_dic; stores comp_alg and sbi in dic

Reporter	Title	Published	Views	Family All 64
AstraLinux	Astra Linux – Vulnerability in Linux 5.10	3 May 202623:59	–	astralinux
CBLMariner	CVE-2025-38627 affecting package kernel for versions less than 6.6.119.3-1	12 Jan 202621:27	–	cbl_mariner
Chainguard	CVE-2025-38627 vulnerabilities	14 Jan 202601:17	–	cgr
Circl	CVE-2025-38627	2 Apr 202617:00	–	circl
CNNVD	Linux kernel 安全漏洞	22 Aug 202500:00	–	cnnvd
CVE	CVE-2025-38627	22 Aug 202516:00	–	cve
Debian	[SECURITY] [DSA 6238-1] linux security update	30 Apr 202620:05	–	debian
Debian CVE	CVE-2025-38627	22 Aug 202516:00	–	debiancve
Tenable Nessus	Debian dsa-6238 : ata-modules-6.12.74+deb13+1-armmp-di - security update	30 Apr 202600:00	–	nessus
Tenable Nessus	Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel vulnerabilities (USN-8095-1)	17 Mar 202600:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/f2fs/compress.c",
      "fs/f2fs/f2fs.h"
    ],
    "versions": [
      {
        "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
        "lessThan": "74cbeeca4f16823ba58c882e1d8b836c0e39c93d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
        "lessThan": "5d604d40cd3232b09cb339941ef958e49283ed0a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
        "lessThan": "cc81768212cdc509e5a986274db7bc24d18cde19",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
        "lessThan": "8fae5b6addd5f6895e03797b56e3c7b9f9cd15c9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "bff139b49d9f70c1ac5384aac94554846aa834de",
        "lessThan": "39868685c2a94a70762bc6d77dc81d781d05bff5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/f2fs/compress.c",
      "fs/f2fs/f2fs.h"
    ],
    "versions": [
      {
        "version": "6.0",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.0",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.1.175",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.118",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.78",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.1",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/5d604d40cd3232b09cb339941ef958e49283ed0a
git	www.git.kernel.org/stable/c/39868685c2a94a70762bc6d77dc81d781d05bff5
git	www.git.kernel.org/stable/c/8fae5b6addd5f6895e03797b56e3c7b9f9cd15c9
git	www.git.kernel.org/stable/c/74cbeeca4f16823ba58c882e1d8b836c0e39c93d
git	www.git.kernel.org/stable/c/cc81768212cdc509e5a986274db7bc24d18cde19

01 Jun 2026 16:05Current

EPSS0.00154