VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-agz8-xv9n-7qfh

Essentials
Severities (9)
References (14)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-agz8-xv9n-7qfh
Aliases	CVE-2024-26869
Summary	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty\|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_write : write old data to new blkaddr Because invalidate_mapping_pages() will skip invalidating page which has unclear status including locked, dirty, writeback and so on, so we need to use truncate_inode_pages_range() instead of invalidate_mapping_pages() to make sure meta_inode page will be dropped.
Status	Published
Exploitability	0.5
Weighted Severity	4.2
Risk	2.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

System	Score	Found at
cvssv3	4.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26869.json
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2024-26869
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2024-26869
epss	0.00014	https://api.first.org/data/v1/epss?cve=CVE-2024-26869
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc	Track	https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253
ssvc	Track	https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189
ssvc	Track	https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65
ssvc	Track	https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26869.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-26869
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26869
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
04226d8e3c4028dc451e9d8777356ec0f7919253		https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253
2275713		https://bugzilla.redhat.com/show_bug.cgi?id=2275713
77bfdb89cc222fc7bfe198eda77bdc427d5ac189		https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189
9f0c4a46be1fe9b97dbe66d49204c1371e3ece65		https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65
c92f2927df860a60ba815d3ee610a944b92a8694		https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694
USN-6816-1		https://usn.ubuntu.com/6816-1/
USN-6817-1		https://usn.ubuntu.com/6817-1/
USN-6817-2		https://usn.ubuntu.com/6817-2/
USN-6817-3		https://usn.ubuntu.com/6817-3/
USN-6878-1		https://usn.ubuntu.com/6878-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26869.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T17:28:33Z/ Found at https://git.kernel.org/stable/c/04226d8e3c4028dc451e9d8777356ec0f7919253

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T17:28:33Z/ Found at https://git.kernel.org/stable/c/77bfdb89cc222fc7bfe198eda77bdc427d5ac189

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T17:28:33Z/ Found at https://git.kernel.org/stable/c/9f0c4a46be1fe9b97dbe66d49204c1371e3ece65

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-12T17:28:33Z/ Found at https://git.kernel.org/stable/c/c92f2927df860a60ba815d3ee610a944b92a8694

Exploit Prediction Scoring System (EPSS)

Percentile	0.02729
EPSS Score	0.00014
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:50:03.571357+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	38.6.0