CVE-2025-68210

Summary

In the Linux kernel, the following vulnerability has been resolved:

erofs: avoid infinite loop due to incomplete zstd-compressed data

Currently, the decompression logic incorrectly spins if compressed data is truncated in crafted (deliberately corrupted) images.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7c35de4df1056a5a1fb4de042197b8f5b1033b61 < 4d0e0bb1908acac5b27d30b45c450e8ead97eb00affected
LinuxLinux7c35de4df1056a5a1fb4de042197b8f5b1033b61 < 1f86d73a0afe43b6a85d2aa8207853350b7e2111affected
LinuxLinux7c35de4df1056a5a1fb4de042197b8f5b1033b61 < f2a12cc3b97f062186568a7b94ddb7aa2ef68140affected
LinuxLinux6.10affected
LinuxLinux0 < 6.10unaffected
LinuxLinux6.12.59 <= 6.12.*unaffected
LinuxLinux6.17.9 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References