CVE-2025-68251
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
erofs: avoid infinite loops due to corrupted subpage compact indexes
Robert reported an infinite loop observed by two crafted images.
The root cause is that clusterofs can be larger than lclustersize
for !NONHEAD lclusters in corrupted subpage compact indexes, e.g.:
blocksize = lclustersize = 512 lcn = 6 clusterofs = 515
Move the corresponding check for full compress indexes to
z_erofs_load_lcluster_from_disk() to also cover subpage compact
compress indexes.
It also fixes the position of m->type >= Z_EROFS_LCLUSTER_TYPE_MAX
check, since it should be placed right after
z_erofs_load_{compact,full}_lcluster().
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8d2517aaeea3ab8651bb517bca8f3c8664d318ea < dbfac1b85d0753996ddfef636934d431b588dd1f | affected |
| Linux | Linux | 8d2517aaeea3ab8651bb517bca8f3c8664d318ea < 8675447a8794983f2b7e694b378112772c17635e | affected |
| Linux | Linux | 8d2517aaeea3ab8651bb517bca8f3c8664d318ea < e13d315ae077bb7c3c6027cc292401bc0f4ec683 | affected |
| Linux | Linux | 3f691aa676f29586e83e6c032713554a290418c3 | affected |
| Linux | Linux | 22438a34d383ec2789eaf450728e38abc53051f8 | affected |
| Linux | Linux | 6.6.16 < 6.7 | affected |
| Linux | Linux | 6.7.4 < 6.8 | affected |
| Linux | Linux | 6.8 | affected |
| Linux | Linux | 0 < 6.8 | unaffected |
| Linux | Linux | 6.12.91 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.6 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/dbfac1b85d0753996ddfef636934d431b588dd1f
- https://git.kernel.org/stable/c/8675447a8794983f2b7e694b378112772c17635e
- https://git.kernel.org/stable/c/e13d315ae077bb7c3c6027cc292401bc0f4ec683
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.