CVE-2025-38579

Summary

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix KMSAN uninit-value in extent_info usage

KMSAN reported a use of uninitialized value in __is_extent_mergeable() and __is_back_mergeable() via the read extent tree path.

The root cause is that get_read_extent_info() only initializes three fields (fofs, blk, len) of struct extent_info, leaving the remaining fields uninitialized. This leads to undefined behavior when those fields are accessed later, especially during extent merging.

Fix it by zero-initializing the extent_info struct before population.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < 08e8ab00a6d20d5544c932ee85a297d833895141affected
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < e68b751ec2b15d866967812c57cfdfc1eba6a269affected
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < dabfa3952c8e6bfe6414dbf32e8b6c5f349dc898affected
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < 44a79437309e0ee2276ac17aaedc71253af253a8affected
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < cc1615d5aba4f396cf412579928539a2b124c8a0affected
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < 01b6f5955e0008af6bc3a181310d2744bb349800affected
LinuxLinux94afd6d6e5253179c9b891d02081cc8355a11768 < 154467f4ad033473e5c903a03e7b9bca7df9a0faaffected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.190 <= 5.15.*unaffected
LinuxLinux6.1.148 <= 6.1.*unaffected
LinuxLinux6.6.102 <= 6.6.*unaffected
LinuxLinux6.12.42 <= 6.12.*unaffected
LinuxLinux6.15.10 <= 6.15.*unaffected
LinuxLinux6.16.1 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References