CVE-2025-68769
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd mount /dev/vdd /mnt/f2fs touch /mnt/f2fs/foo sync echo 111 >> /mnt/f2fs/foo f2fs_io fsync /mnt/f2fs/foo f2fs_io shutdown 2 /mnt/f2fs umount /mnt/f2fs mount -o ro,norecovery /dev/vdd /mnt/f2fs or mount -o ro,disable_roll_forward /dev/vdd /mnt/f2fs F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 F2FS-fs (vdd): Mounted with checkpoint version = 7f5c361f F2FS-fs (vdd): Stopped filesystem due to reason: 0 F2FS-fs (vdd): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 Filesystem f2fs get_tree() didn't set fc->root, returned 1 ------------[ cut here ]------------ kernel BUG at fs/super.c:1761! Oops: invalid opcode: 0000 [#1] SMP PTI CPU: 3 UID: 0 PID: 722 Comm: mount Not tainted 6.18.0-rc2+ #721 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:vfs_get_tree.cold+0x18/0x1a Call Trace: <TASK> fc_mount+0x13/0xa0 path_mount+0x34e/0xc50 __x64_sys_mount+0x121/0x150 do_syscall_64+0x84/0x800 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fa6cc126cfe The root cause is we missed to handle error number returned from f2fs_recover_fsync_data() when mounting image w/ ro,norecovery or ro,disable_roll_forward mount option, result in returning a positive error number to vfs_get_tree(), fix it.
Affected versions
Linux kernel versions
4.4.172,
4.7
and later are affected. Fixed in
5.10.248,
5.15.198,
6.1.160,
6.6.120,
6.12.64,
6.18.3,
6.19
and their respective stable series.
References
The following references provide additional information about CVE-2025-68769 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/01fba45deaddcce0d0b01c411435d1acf6feab7b
-
PatchKernel patch commithttps://git.kernel.org/stable/c/0de4977a1eeafe9d77701e3c031a1bcdba389243
-
PatchKernel patch commithttps://git.kernel.org/stable/c/4560db9678a2c5952b6205fbca468c6805c2ba2a
Frequently asked questions
-
What is CVE-2025-68769?
CVE-2025-68769 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 4.4.172 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-68769 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2025-68769?
Yes — CVE-2025-68769 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 4.4.172 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2025-68769 actively exploited?
No — CVE-2025-68769 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.