CVE-2025-39924

Summary

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix invalid algorithm for encoded extents

The current algorithm sanity checks do not properly apply to new encoded extents.

Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with sbi->available_compr_algs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1d191b4ca51d73699cb127386b95ac152af2b930 < db5d7abd379a8dcf030be8f52f99cadf7e397ba8affected
LinuxLinux1d191b4ca51d73699cb127386b95ac152af2b930 < 131897c65e2b86cf14bec7379f44aa8fbb407526affected
LinuxLinux6.15affected
LinuxLinux0 < 6.15unaffected
LinuxLinux6.16.8 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References