CVE-2025-37863
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ovl: don't allow datadir only
In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this.
Originally, when data-only layers were introduced, this wasn't allowed, only introduced by the "datadir+" feature, but without actually handling this case, resulting in an Oops.
Fix by disallowing datadir without lowerdir.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | cc0918b3582c98f12cfb30bf7496496d14bff3e9 < 0874b629f65320778e7e3e206177770666d9db18 | affected |
| Linux | Linux | 24e16e385f2272b1a9df51337a5c32d28a29c7ad < b9e3579213ba648fa23f780e8d53e99011c62331 | affected |
| Linux | Linux | 24e16e385f2272b1a9df51337a5c32d28a29c7ad < 21d2ffb0e9838a175064c22f3a9de97d1f56f27d | affected |
| Linux | Linux | 24e16e385f2272b1a9df51337a5c32d28a29c7ad < eb3a04a8516ee9b5174379306f94279fc90424c4 | affected |
| Linux | Linux | 6.6.23 < 6.6.88 | affected |
| Linux | Linux | 6.7 | affected |
| Linux | Linux | 0 < 6.7 | unaffected |
| Linux | Linux | 6.6.88 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.25 <= 6.12.* | unaffected |
| Linux | Linux | 6.14.4 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/0874b629f65320778e7e3e206177770666d9db18
- https://git.kernel.org/stable/c/b9e3579213ba648fa23f780e8d53e99011c62331
- https://git.kernel.org/stable/c/21d2ffb0e9838a175064c22f3a9de97d1f56f27d
- https://git.kernel.org/stable/c/eb3a04a8516ee9b5174379306f94279fc90424c4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.