[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-23233":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":36,"related":37,"reserved_at":9,"published_at":39,"modified_at":40,"state":41,"summary":42,"references_raw":51,"kevs":74,"epss":75,"epss_history":78,"metrics":344,"affected":350},"CVE-2026-23233","In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid mapping wrong physical block for swapfile\n\nXiaolong Guo reported a f2fs bug in bugzilla [1]\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220951\n\nQuoted:\n\n\"When using stress-ng's swap stress test on F2FS filesystem with kernel 6.6+,\nthe system experiences data corruption leading to either:\n1 dm-verity corruption errors and device reboot\n2 F2FS node corruption errors and boot hangs\n\nThe issue occurs specifically when:\n1 Using F2FS filesystem (ext4 is unaffected)\n2 Swapfile size is less than F2FS section size (2MB)\n3 Swapfile has fragmented physical layout (multiple non-contiguous extents)\n4 Kernel version is 6.6+ (6.1 is unaffected)\n\nThe root cause is in check_swap_activate() function in fs/f2fs/data.c. When the\nfirst extent of a small swapfile (\u003C 2MB) is not aligned to section boundaries,\nthe function incorrectly treats it as the last extent, failing to map\nsubsequent extents. This results in incorrect swap_extent creation where only\nthe first extent is mapped, causing subsequent swap writes to overwrite wrong\nphysical locations (other files' data).\n\nSteps to Reproduce\n1 Setup a device with F2FS-formatted userdata partition\n2 Compile stress-ng from https://github.com/ColinIanKing/stress-ng\n3 Run swap stress test: (Android devices)\nadb shell \"cd /data/stressng; ./stress-ng-64 --metrics-brief --timeout 60\n--swap 0\"\n\nLog:\n1 Ftrace shows in kernel 6.6, only first extent is mapped during second\nf2fs_map_blocks call in check_swap_activate():\nstress-ng-swap-8990: f2fs_map_blocks: ino=11002, file offset=0, start\nblkaddr=0x43143, len=0x1\n(Only 4KB mapped, not the full swapfile)\n2 in kernel 6.1, both extents are correctly mapped:\nstress-ng-swap-5966: f2fs_map_blocks: ino=28011, file offset=0, start\nblkaddr=0x13cd4, len=0x1\nstress-ng-swap-5966: f2fs_map_blocks: ino=28011, file offset=1, start\nblkaddr=0x60c84b, len=0xff\n\nThe problematic code is in check_swap_activate():\nif ((pblock - SM_I(sbi)->main_blkaddr) % blks_per_sec ||\n    nr_pblocks % blks_per_sec ||\n    !f2fs_valid_pinned_area(sbi, pblock)) {\n    bool last_extent = false;\n\n    not_aligned++;\n\n    nr_pblocks = roundup(nr_pblocks, blks_per_sec);\n    if (cur_lblock + nr_pblocks > sis->max)\n        nr_pblocks -= blks_per_sec;\n\n    /* this extent is last one */\n    if (!nr_pblocks) {\n        nr_pblocks = last_lblock - cur_lblock;\n        last_extent = true;\n    }\n\n    ret = f2fs_migrate_blocks(inode, cur_lblock, nr_pblocks);\n    if (ret) {\n        if (ret == -ENOENT)\n            ret = -EINVAL;\n        goto out;\n    }\n\n    if (!last_extent)\n        goto retry;\n}\n\nWhen the first extent is unaligned and roundup(nr_pblocks, blks_per_sec)\nexceeds sis->max, we subtract blks_per_sec resulting in nr_pblocks = 0. The\ncode then incorrectly assumes this is the last extent, sets nr_pblocks =\nlast_lblock - cur_lblock (entire swapfile), and performs migration. After\nmigration, it doesn't retry mapping, so subsequent extents are never processed.\n\"\n\nIn order to fix this issue, we need to lookup block mapping info after\nwe migrate all blocks in the tail of swapfile.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[],[],[],[24,26,28,30,32,34],{"_key":25},"OPENSUSE-SU-2026:10387-1",{"_key":27},"DSA-6162-1",{"_key":29},"MGASA-2026-0097",{"_key":31},"MGASA-2026-0098",{"_key":33},"DEBIAN-CVE-2026-23233",{"_key":35},"UBUNTU-CVE-2026-23233",[],[38],{"_key":25},"2026-03-04T14:36:38.076Z","2026-05-23T16:04:19.799Z","Analyzed",{"cisa_kev":43,"cisa_ransomware":43,"cisa_vendor":9,"epss_severity":44,"epss_score":45,"severity":46,"severity_score":47,"severity_version":48,"severity_source":49,"severity_vector":50,"severity_status":41},false,"low",0.00018,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[52,58,62,66,70],{"url":53,"sources":54,"tags":56},"https://git.kernel.org/stable/c/d4534a7f6c92baaf7e12a45fc6e37332cafafc33",[55,49],"cve.org",[57],"Patch",{"url":59,"sources":60,"tags":61},"https://git.kernel.org/stable/c/1ff415eef513bf12deb058fc50d57788c46c48e6",[55,49],[57],{"url":63,"sources":64,"tags":65},"https://git.kernel.org/stable/c/fee27b69dde1a05908b350eea42937af2387c4fe",[55,49],[57],{"url":67,"sources":68,"tags":69},"https://git.kernel.org/stable/c/607cb9d83838d2cd9f0406c2403ed61aadf0edff",[55,49],[57],{"url":71,"sources":72,"tags":73},"https://git.kernel.org/stable/c/5c145c03188bc9ba1c29e0bc4d527a5978fc47f9",[55,49],[57],[],{"date":76,"score":45,"percentile":77},"2026-06-04",0.0482,[79,82,85,88,91,94,98,101,104,107,110,113,116,119,123,126,129,132,135,138,141,144,147,149,152,155,157,160,163,166,169,172,176,179,182,185,188,191,194,197,200,203,206,209,212,215,217,220,223,226,229,232,235,238,241,244,247,250,253,255,257,260,262,265,268,271,274,277,280,282,285,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341],{"date":80,"score":45,"percentile":81},"2026-03-05",0.04357,{"date":83,"score":45,"percentile":84},"2026-03-06",0.04332,{"date":86,"score":45,"percentile":87},"2026-03-07",0.04339,{"date":89,"score":45,"percentile":90},"2026-03-08",0.04343,{"date":92,"score":45,"percentile":93},"2026-03-09",0.0432,{"date":95,"score":96,"percentile":97},"2026-03-10",0.00024,0.06022,{"date":99,"score":96,"percentile":100},"2026-03-11",0.06039,{"date":102,"score":96,"percentile":103},"2026-03-12",0.06061,{"date":105,"score":96,"percentile":106},"2026-03-13",0.06082,{"date":108,"score":96,"percentile":109},"2026-03-14",0.06023,{"date":111,"score":96,"percentile":112},"2026-03-15",0.06014,{"date":114,"score":96,"percentile":115},"2026-03-16",0.05999,{"date":117,"score":96,"percentile":118},"2026-03-17",0.05985,{"date":120,"score":121,"percentile":122},"2026-03-18",0.00013,0.02081,{"date":124,"score":121,"percentile":125},"2026-03-19",0.02079,{"date":127,"score":121,"percentile":128},"2026-03-20",0.02084,{"date":130,"score":121,"percentile":131},"2026-03-21",0.02244,{"date":133,"score":121,"percentile":134},"2026-03-22",0.02242,{"date":136,"score":121,"percentile":137},"2026-03-23",0.02239,{"date":139,"score":121,"percentile":140},"2026-03-24",0.02228,{"date":142,"score":121,"percentile":143},"2026-03-25",0.0222,{"date":145,"score":121,"percentile":146},"2026-03-26",0.02233,{"date":148,"score":121,"percentile":131},"2026-03-27",{"date":150,"score":121,"percentile":151},"2026-03-28",0.02246,{"date":153,"score":121,"percentile":154},"2026-03-29",0.0224,{"date":156,"score":121,"percentile":140},"2026-03-30",{"date":158,"score":121,"percentile":159},"2026-03-31",0.02212,{"date":161,"score":121,"percentile":162},"2026-04-01",0.0221,{"date":164,"score":121,"percentile":165},"2026-04-02",0.02281,{"date":167,"score":121,"percentile":168},"2026-04-03",0.02286,{"date":170,"score":121,"percentile":171},"2026-04-04",0.02287,{"date":173,"score":174,"percentile":175},"2026-04-05",0.00015,0.03339,{"date":177,"score":174,"percentile":178},"2026-04-06",0.03342,{"date":180,"score":174,"percentile":181},"2026-04-07",0.03348,{"date":183,"score":174,"percentile":184},"2026-04-08",0.03353,{"date":186,"score":174,"percentile":187},"2026-04-09",0.03373,{"date":189,"score":174,"percentile":190},"2026-04-10",0.03366,{"date":192,"score":174,"percentile":193},"2026-04-11",0.03334,{"date":195,"score":174,"percentile":196},"2026-04-12",0.03305,{"date":198,"score":174,"percentile":199},"2026-04-13",0.03283,{"date":201,"score":174,"percentile":202},"2026-04-14",0.03253,{"date":204,"score":174,"percentile":205},"2026-04-15",0.03241,{"date":207,"score":174,"percentile":208},"2026-04-16",0.0326,{"date":210,"score":174,"percentile":211},"2026-04-17",0.03268,{"date":213,"score":174,"percentile":214},"2026-04-18",0.03269,{"date":216,"score":174,"percentile":208},"2026-04-19",{"date":218,"score":174,"percentile":219},"2026-04-20",0.0325,{"date":221,"score":174,"percentile":222},"2026-04-21",0.03388,{"date":224,"score":174,"percentile":225},"2026-04-22",0.03401,{"date":227,"score":174,"percentile":228},"2026-04-23",0.034,{"date":230,"score":174,"percentile":231},"2026-04-24",0.03377,{"date":233,"score":174,"percentile":234},"2026-04-25",0.03389,{"date":236,"score":174,"percentile":237},"2026-04-26",0.03379,{"date":239,"score":174,"percentile":240},"2026-04-27",0.03362,{"date":242,"score":174,"percentile":243},"2026-04-28",0.03404,{"date":245,"score":174,"percentile":246},"2026-04-29",0.03423,{"date":248,"score":174,"percentile":249},"2026-04-30",0.03416,{"date":251,"score":174,"percentile":252},"2026-05-01",0.03413,{"date":254,"score":174,"percentile":228},"2026-05-02",{"date":256,"score":174,"percentile":222},"2026-05-03",{"date":258,"score":174,"percentile":259},"2026-05-04",0.03382,{"date":261,"score":174,"percentile":237},"2026-05-05",{"date":263,"score":174,"percentile":264},"2026-05-06",0.03376,{"date":266,"score":174,"percentile":267},"2026-05-07",0.03397,{"date":269,"score":174,"percentile":270},"2026-05-08",0.03409,{"date":272,"score":174,"percentile":273},"2026-05-09",0.03435,{"date":275,"score":174,"percentile":276},"2026-05-10",0.03448,{"date":278,"score":45,"percentile":279},"2026-05-11",0.04777,{"date":281,"score":45,"percentile":279},"2026-05-12",{"date":283,"score":45,"percentile":284},"2026-05-13",0.0478,{"date":286,"score":45,"percentile":279},"2026-05-14",{"date":288,"score":45,"percentile":289},"2026-05-15",0.04778,{"date":291,"score":45,"percentile":292},"2026-05-16",0.04787,{"date":294,"score":45,"percentile":295},"2026-05-17",0.04781,{"date":297,"score":45,"percentile":298},"2026-05-18",0.04757,{"date":300,"score":45,"percentile":301},"2026-05-19",0.04747,{"date":303,"score":45,"percentile":304},"2026-05-20",0.04744,{"date":306,"score":45,"percentile":307},"2026-05-21",0.04746,{"date":309,"score":45,"percentile":310},"2026-05-22",0.04936,{"date":312,"score":45,"percentile":313},"2026-05-23",0.04923,{"date":315,"score":45,"percentile":316},"2026-05-24",0.04928,{"date":318,"score":45,"percentile":319},"2026-05-25",0.04916,{"date":321,"score":45,"percentile":322},"2026-05-26",0.04914,{"date":324,"score":45,"percentile":325},"2026-05-27",0.04941,{"date":327,"score":45,"percentile":328},"2026-05-28",0.04957,{"date":330,"score":45,"percentile":331},"2026-05-29",0.04969,{"date":333,"score":45,"percentile":334},"2026-05-30",0.04982,{"date":336,"score":45,"percentile":337},"2026-05-31",0.04961,{"date":339,"score":45,"percentile":340},"2026-06-01",0.04897,{"date":342,"score":45,"percentile":343},"2026-06-02",0.04856,[345],{"source":49,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":346,"cvss_v4_0":9},{"baseScore":47,"baseSeverity":347,"vectorString":50,"impactScore":348,"exploitabilityScore":349},"HIGH",9.8,4.6,[351,382],{"ecosystem":9,"name":352,"vendor":353,"product":353,"cpe_part":354,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":355},"Linux","linux","a",[356,363,367,370,373,376,380],{"version":357,"is_range":358,"range_type":55,"version_start":359,"version_start_type":360,"version_end":361,"version_end_type":362,"fixed_in":9},">= 40d76c393cca83938b11eb7ca8983aa3cd0ed69b, \u003C d4534a7f6c92baaf7e12a45fc6e37332cafafc33",true,"40d76c393cca83938b11eb7ca8983aa3cd0ed69b","including","d4534a7f6c92baaf7e12a45fc6e37332cafafc33","excluding",{"version":364,"is_range":358,"range_type":55,"version_start":365,"version_start_type":360,"version_end":366,"version_end_type":362,"fixed_in":9},">= 9703d69d9d153bb230711d0d577454552aeb13d4, \u003C 1ff415eef513bf12deb058fc50d57788c46c48e6","9703d69d9d153bb230711d0d577454552aeb13d4","1ff415eef513bf12deb058fc50d57788c46c48e6",{"version":368,"is_range":358,"range_type":55,"version_start":365,"version_start_type":360,"version_end":369,"version_end_type":362,"fixed_in":9},">= 9703d69d9d153bb230711d0d577454552aeb13d4, \u003C fee27b69dde1a05908b350eea42937af2387c4fe","fee27b69dde1a05908b350eea42937af2387c4fe",{"version":371,"is_range":358,"range_type":55,"version_start":365,"version_start_type":360,"version_end":372,"version_end_type":362,"fixed_in":9},">= 9703d69d9d153bb230711d0d577454552aeb13d4, \u003C 607cb9d83838d2cd9f0406c2403ed61aadf0edff","607cb9d83838d2cd9f0406c2403ed61aadf0edff",{"version":374,"is_range":358,"range_type":55,"version_start":365,"version_start_type":360,"version_end":375,"version_end_type":362,"fixed_in":9},">= 9703d69d9d153bb230711d0d577454552aeb13d4, \u003C 5c145c03188bc9ba1c29e0bc4d527a5978fc47f9","5c145c03188bc9ba1c29e0bc4d527a5978fc47f9",{"version":377,"is_range":358,"range_type":55,"version_start":378,"version_start_type":360,"version_end":379,"version_end_type":362,"fixed_in":9},">= 6.6.33, \u003C 6.6.127","6.6.33","6.6.127",{"version":381,"is_range":43,"range_type":55,"version_start":381,"version_start_type":360,"version_end":381,"version_end_type":360,"fixed_in":9},"6.9",{"ecosystem":9,"name":383,"vendor":353,"product":384,"cpe_part":385,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":386},"linux kernel","linux_kernel","o",[387,390,393,397],{"version":388,"is_range":358,"range_type":389,"version_start":378,"version_start_type":360,"version_end":379,"version_end_type":362,"fixed_in":9},"gte6.6.33_lt6.6.127","cpe",{"version":391,"is_range":358,"range_type":389,"version_start":381,"version_start_type":360,"version_end":392,"version_end_type":362,"fixed_in":9},"gte6.9_lt6.12.74","6.12.74",{"version":394,"is_range":358,"range_type":389,"version_start":395,"version_start_type":360,"version_end":396,"version_end_type":362,"fixed_in":9},"gte6.13_lt6.18.13","6.13","6.18.13",{"version":398,"is_range":358,"range_type":389,"version_start":399,"version_start_type":360,"version_end":400,"version_end_type":362,"fixed_in":9},"gte6.19_lt6.19.3","6.19","6.19.3"]