SB20260529112 - Improper control of a resource through its lifetime in Linux kernel f2fs



SB20260529112 - Improper control of a resource through its lifetime in Linux kernel f2fs

Published: May 29, 2026

Security Bulletin ID SB20260529112
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-46175)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause file system inconsistency.

The vulnerability exists due to improper state management in f2fs node block migration when performing foreground garbage collection of node blocks. A local user can trigger node block migration and subsequent file system checking to cause file system inconsistency.

The issue occurs because dentry and fsync marks are not cleared during foreground garbage collection, which can cause fsck to misinterpret migrated node blocks as fsync-written data.


Remediation

Install update from vendor's website.