Filesystem Locking Vulnerability in Linux Kernel's F2FS Module
CVE-2025-38347

Currently unrated

Key Information:

Vendor: Linux
CVE Published: 10 July 2025

What is CVE-2025-38347?

A vulnerability in the f2fs module of the Linux kernel could potentially lead to deadlocks when handling inode operations. This issue arises due to insufficient sanity checks on inode numbers and transaction IDs (xnid), especially during the creation of new nodes in directories with corrupted metadata. When the system attempts to access and lock the same inode page multiple times, it results in a deadlock scenario, causing tasks to be blocked for an extended period. To mitigate this risk, a fix has been implemented to add necessary validation checks on inode and transaction IDs, enhancing the stability and security of file operations within affected Linux systems.
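The double-lock condition described above, as an added user-space C model (not kernel or f2fs code, and not from the original page). It assumes the corrupted metadata is a directory inode whose xnid equals its own ino; the struct, the helper names and the return codes are all hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NID 16

/* Constructed model of on-disk inode metadata: only the two ids the page names. */
struct inode_meta {
    uint32_t ino;   /* node id of the inode page itself */
    uint32_t xnid;  /* node id of a second node page the inode refers to (0 = none) */
};

static bool page_locked[MAX_NID];  /* one non-recursive lock per node page */

/* Returns false where a real non-recursive page lock would block forever. */
static bool lock_node_page(uint32_t nid)
{
    if (nid >= MAX_NID || page_locked[nid])
        return false;
    page_locked[nid] = true;
    return true;
}
static void unlock_node_page(uint32_t nid) { page_locked[nid] = false; }

/* Hypothetical load-time check: reject out-of-range ids and ids that alias one page. */
static bool sanity_check(const struct inode_meta *m)
{
    return m->ino != 0 && m->ino < MAX_NID && m->xnid < MAX_NID && m->xnid != m->ino;
}

/* Create path that holds the inode page while fetching the xnid page.
 * Returns 0 on success, -1 if rejected by the check, -2 on a self-deadlock. */
static int create_in_dir(const struct inode_meta *dir, bool checked)
{
    int ret = 0;
    if (checked && !sanity_check(dir))
        return -1;
    if (!lock_node_page(dir->ino))
        return -2;
    if (dir->xnid != 0) {
        if (!lock_node_page(dir->xnid))
            ret = -2;                      /* second lock on a page already held */
        else
            unlock_node_page(dir->xnid);
    }
    unlock_node_page(dir->ino);
    return ret;
}

int main(void)
{
    struct inode_meta bad = { 3, 3 };      /* constructed corrupted directory */
    printf("unchecked=%d checked=%d\n", create_in_dir(&bad, false), create_in_dir(&bad, true));
    return 0;
}
```

In the model, the unchecked path reports the point where a kernel task would hang, while the checked path rejects the corrupted inode before any lock is taken.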

Affected Version(s)

Linux 98e4da8ca301e062d79ae168c67e56f3c3de3ce4

Linux 98e4da8ca301e062d79ae168c67e56f3c3de3ce4 < 5a06d97d5340c00510f24e80e8de821bd3bd9285
