{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "855c54f1803e3ebc613677b4f389c7f92656a1fc"
            },
            {
              "fixed": "59970b2586fef4b13e96527b9d232bed30b640cd"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "50ac3ecd8e05b6bcc350c71a4307d40c030ec7e4"
            },
            {
              "fixed": "a10b89343d41ceee1af0ec38d3a74e526c77fa09"
            },
            {
              "fixed": "7b9161a605e91d0987e2596a245dc1f21621b23f"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "c386753db52b3a80afa6612bfdcb925aa5ca260f"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.18.13"
            },
            {
              "fixed": "6.18.25"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "6.19.3"
            },
            {
              "fixed": "6.20"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.18.25"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43349.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer\n\nsyzbot reported a f2fs bug as below:\n\nBUG: KMSAN: uninit-value in f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520\n f2fs_sanity_check_node_footer+0x374/0xa20 fs/f2fs/node.c:1520\n f2fs_finish_read_bio+0xe1e/0x1d60 fs/f2fs/data.c:177\n f2fs_read_end_io+0x6ab/0x2220 fs/f2fs/data.c:-1\n bio_endio+0x1006/0x1160 block/bio.c:1792\n submit_bio_noacct+0x533/0x2960 block/blk-core.c:891\n submit_bio+0x57a/0x620 block/blk-core.c:926\n blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]\n f2fs_submit_read_bio+0x12c/0x360 fs/f2fs/data.c:557\n f2fs_submit_page_bio+0xee2/0x1450 fs/f2fs/data.c:775\n read_node_folio+0x384/0x4b0 fs/f2fs/node.c:1481\n __get_node_folio+0x5db/0x15d0 fs/f2fs/node.c:1576\n f2fs_get_inode_folio+0x40/0x50 fs/f2fs/node.c:1623\n do_read_inode fs/f2fs/inode.c:425 [inline]\n f2fs_iget+0x1209/0x9380 fs/f2fs/inode.c:596\n f2fs_fill_super+0x8f5a/0xb2e0 fs/f2fs/super.c:5184\n get_tree_bdev_flags+0x6e6/0x920 fs/super.c:1694\n get_tree_bdev+0x38/0x50 fs/super.c:1717\n f2fs_get_tree+0x35/0x40 fs/f2fs/super.c:5436\n vfs_get_tree+0xb3/0x5d0 fs/super.c:1754\n fc_mount fs/namespace.c:1193 [inline]\n do_new_mount_fc fs/namespace.c:3763 [inline]\n do_new_mount+0x885/0x1dd0 fs/namespace.c:3839\n path_mount+0x7a2/0x20b0 fs/namespace.c:4159\n do_mount fs/namespace.c:4172 [inline]\n __do_sys_mount fs/namespace.c:4361 [inline]\n __se_sys_mount+0x704/0x7f0 fs/namespace.c:4338\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:4338\n x64_sys_call+0x39f0/0x3ea0 arch/x86/include/generated/asm/syscalls_64.h:166\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x134/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is: in f2fs_finish_read_bio(), we may access uninit data\nin folio if we failed to read the data from device into folio, let's add\na check condition to avoid such issue.",
  "id": "CVE-2026-43349",
  "modified": "2026-07-15T01:49:15.582592203Z",
  "published": "2026-05-08T13:41:52.611Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/59970b2586fef4b13e96527b9d232bed30b640cd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7b9161a605e91d0987e2596a245dc1f21621b23f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a10b89343d41ceee1af0ec38d3a74e526c77fa09"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43349.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43349"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.8.0",
  "summary": "f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer"
}