CVE-2026-31577

Name	CVE-2026-31577
Description	In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map() assumes i_assoc_inode is already initialized when copying dirty pages to the shadow map during GC. If NILFS_IOCTL_CLEAN_SEGMENTS is called immediately after mount before any btree operation has occurred on the DAT inode, i_assoc_inode is NULL leading to a general protection fault. Fix this by calling nilfs_attach_btree_node_cache() on the DAT inode in nilfs_dat_read() at mount time, ensuring i_assoc_inode is always initialized before any GC operation can use it.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-6238-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	vulnerable
	bullseye (security)	5.10.251-5	vulnerable
	bookworm	6.1.159-1	vulnerable
	bookworm (security)	6.1.172-1	vulnerable
	trixie	6.12.73-1	vulnerable
	trixie (security)	6.12.88-1	fixed
	forky	7.0.4-1	fixed
	sid	7.0.7-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
linux	source	trixie	6.12.85-1		DSA-6238-1
linux	source	(unstable)	6.19.14-1

https://git.kernel.org/linus/4a4e0328edd9e9755843787d28f16dd4165f8b48 (7.1-rc1)