AZL-64889

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64889.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-64889

Upstream

CVE-2025-38333

Published

2025-07-10T09:15:27Z

Modified

2026-04-21T04:32:36.206416Z

Summary

CVE-2025-38333 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to bail out in getnewsegment()

------------[ cut here ]------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 newcurseg+0x5e8/0x6dc pc : newcurseg+0x5e8/0x6dc Call trace: newcurseg+0x5e8/0x6dc f2fsallocatedatablock+0xa54/0xe28 dowritepage+0x6c/0x194 f2fsdowritenodepage+0x38/0x78 __writenodepage+0x248/0x6d4 f2fs_syncnodepages+0x524/0x72c f2fswritecheckpoint+0x4bc/0x9b0 _checkpointandcompletereqs+0x80/0x244 issuecheckpointthread+0x8c/0xec kthread+0x114/0x1bc retfromfork+0x10/0x20

getnewsegment() detects inconsistent status in between freesegmap and freesecmap, let's record such error into super block, and bail out getnewsegment() instead of continue using the segment.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38333

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-64889.json"