Security tracker / CVE-2025-40054

CVE-2025-40054

f2fs: fix UAF issue in f2fs_merge_page_bio()

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 0b20fcec8651 ("f2fs: cache global IPU bio"). Vulnerable versions:
 carnil> 5.5.

Bugs

Status

Branch	Status
upstream	released (6.18-rc1) [edf7e9040fc52c922db947f9c6c36f07377c52ea]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	released (6.17.3) [01118321e0c8a5f3ece57d0d377bfc92d83cd210]
6.12-upstream-stable	needed
6.6-upstream-stable	needed
6.1-upstream-stable	needed
5.10-upstream-stable	needed
sid	released (6.17.6-1)
6.12-trixie-security	needed
6.1-bookworm-security	needed
5.10-bullseye-security	needed