CVE-2025-68796 - Vulnerability Details

- f2fs: fix to avoid updating zero-sized extent in extent cache

Description

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid updating zero-sized extent in extent cache

As syzbot reported:

F2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0]
------------[ cut here ]------------
kernel BUG at fs/f2fs/extent_cache.c:678!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
RIP: 0010:__update_extent_tree_range+0x13bc/0x1500 fs/f2fs/extent_cache.c:678
Call Trace:
<TASK>
f2fs_update_read_extent_cache_range+0x192/0x3e0 fs/f2fs/extent_cache.c:1085
f2fs_do_zero_range fs/f2fs/file.c:1657 [inline]
f2fs_zero_range+0x10c1/0x1580 fs/f2fs/file.c:1737
f2fs_fallocate+0x583/0x990 fs/f2fs/file.c:2030
vfs_fallocate+0x669/0x7e0 fs/open.c:342
ioctl_preallocate fs/ioctl.c:289 [inline]
file_ioctl+0x611/0x780 fs/ioctl.c:-1
do_vfs_ioctl+0xb33/0x1430 fs/ioctl.c:576
__do_sys_ioctl fs/ioctl.c:595 [inline]
__se_sys_ioctl+0x82/0x170 fs/ioctl.c:583
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f07bc58eec9

In error path of f2fs_zero_range(), it may add a zero-sized extent
into extent cache, it should be avoided.

Published: 2026-01-13

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< 9c07bd262c13ca922adad6e7613d48505f97f548
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< 72c58a82e6fb7b327e8701f5786c70c3edc56188
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< e50b81c50fcbe63f50405bb40f262162ff32af88
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< efe3371001f50a2d6f746b50bdc6f9f26b2089ec
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< 4f244c64efe628d277b916f47071adf480eb8646
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< bac23833220a1f8fe8dfab7e16efa20ff64d7589
`6e9619499f53b22ead972e476c0e8341c997d929`	affected	< 7c37c79510329cd951a4dedf3f7bf7e2b18dccec

Linux

affected

Version	Status	Constraints
`4.7`	affected	—
`0`	unaffected	< 4.7
`5.10.248`	unaffected	≤ 5.10.*
`5.15.198`	unaffected	≤ 5.15.*
`6.1.160`	unaffected	≤ 6.1.*
`6.6.120`	unaffected	≤ 6.6.*
`6.12.64`	unaffected	≤ 6.12.*
`6.18.3`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4475-1	linux security update
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6126-1	linux security update
Debian DSA	DSA-6127-1	linux security update
Ubuntu USN	USN-8096-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8096-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8096-4	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8096-5	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-8116-1	Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN	USN-8141-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8163-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8163-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8177-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8179-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8177-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8183-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8184-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8179-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8185-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8179-3	Linux kernel vulnerabilities
Ubuntu USN	USN-8183-2	Linux kernel vulnerabilities
Ubuntu USN	USN-8203-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-8204-1	Linux kernel (Raspberry Pi Real-time) vulnerabilities
Ubuntu USN	USN-8185-2	Linux kernel (Low Latency NVIDIA) vulnerabilities
Ubuntu USN	USN-8179-4	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-8243-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8245-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8257-1	Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN	USN-8258-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-8260-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-8261-1	Linux kernel (Xilinx) vulnerabilities
Ubuntu USN	USN-8265-1	Linux kernel (NVIDIA Tegra) vulnerabilities

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00068.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/4f244c64efe628d277b916f47071adf480eb8646
https://git.kernel.org/stable/c/72c58a82e6fb7b327e8701f5786c70c3edc56188
https://git.kernel.org/stable/c/7c37c79510329cd951a4dedf3f7bf7e2b18dccec
https://git.kernel.org/stable/c/9c07bd262c13ca922adad6e7613d48505f97f548
https://git.kernel.org/stable/c/bac23833220a1f8fe8dfab7e16efa20ff64d7589
https://git.kernel.org/stable/c/e50b81c50fcbe63f50405bb40f262162ff32af88
https://git.kernel.org/stable/c/efe3371001f50a2d6f746b50bdc6f9f26b2089ec
https://lore.kernel.org/linux-cve-announce/2026011306-CVE-2025-68796-9eee@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-68796
https://www.cve.org/CVERecord?id=CVE-2025-68796

History

Mon, 19 Jan 2026 12:45:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/72c58a82e6fb7b327e8701f5786c70c3edc56188 https://git.kernel.org/stable/c/9c07bd262c13ca922adad6e7613d48505f97f548

Thu, 15 Jan 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026011306-CVE-2025-68796-9eee@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-68796 https://www.cve.org/CVERecord?id=CVE-2025-68796

Tue, 13 Jan 2026 15:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating zero-sized extent in extent cache As syzbot reported: F2FS-fs (loop0): __update_extent_tree_range: extent len is zero, type: 0, extent [0, 0, 0], age [0, 0] ------------[ cut here ]------------ kernel BUG at fs/f2fs/extent_cache.c:678! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:__update_extent_tree_range+0x13bc/0x1500 fs/f2fs/extent_cache.c:678 Call Trace: <TASK> f2fs_update_read_extent_cache_range+0x192/0x3e0 fs/f2fs/extent_cache.c:1085 f2fs_do_zero_range fs/f2fs/file.c:1657 [inline] f2fs_zero_range+0x10c1/0x1580 fs/f2fs/file.c:1737 f2fs_fallocate+0x583/0x990 fs/f2fs/file.c:2030 vfs_fallocate+0x669/0x7e0 fs/open.c:342 ioctl_preallocate fs/ioctl.c:289 [inline] file_ioctl+0x611/0x780 fs/ioctl.c:-1 do_vfs_ioctl+0xb33/0x1430 fs/ioctl.c:576 __do_sys_ioctl fs/ioctl.c:595 [inline] __se_sys_ioctl+0x82/0x170 fs/ioctl.c:583 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f07bc58eec9 In error path of f2fs_zero_range(), it may add a zero-sized extent into extent cache, it should be avoided.
Title		f2fs: fix to avoid updating zero-sized extent in extent cache
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/4f244c64efe628d277b916f47071adf480eb8646 https://git.kernel.org/stable/c/7c37c79510329cd951a4dedf3f7bf7e2b18dccec https://git.kernel.org/stable/c/bac23833220a1f8fe8dfab7e16efa20ff64d7589 https://git.kernel.org/stable/c/e50b81c50fcbe63f50405bb40f262162ff32af88 https://git.kernel.org/stable/c/efe3371001f50a2d6f746b50bdc6f9f26b2089ec

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-01-13T15:29:06.892Z

Updated: 2026-05-11T21:53:30.248Z

Reserved: 2025-12-24T10:30:51.042Z

Link: CVE-2025-68796

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-01-13T16:16:01.540

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-68796

Redhat

Severity :

Publid Date: 2026-01-13T00:00:00Z

Links: CVE-2025-68796 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object