| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025041613-CVE-2025-22079-c7b2@gregkh> Date: Wed, 16 Apr 2025 16:12:50 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-22079: ocfs2: validate l_tree_depth to avoid out-of-bounds access Description =========== In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1]. The Linux kernel CVE team has assigned CVE-2025-22079 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.4.292 with commit ef34840bda333fe99bafbd2d73b70ceaaf9eba66 Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.10.236 with commit 538ed8b049ef801a86c543433e5061a91cc106e3 Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.15.180 with commit 17c99ab3db2ba74096d36c69daa6e784e98fc0b8 Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.1.134 with commit 11e24802e73362aa2948ee16b8fb4e32635d5b2a Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.6.87 with commit 3d012ba4404a0bb517658699ba85e6abda386dc3 Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.12.23 with commit 49d2a2ea9d30991bae82107f9523915b91637683 Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.13.11 with commit b942f88fe7d2d789e51c5c30a675fa1c126f5a6d Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.14.2 with commit e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.15-rc1 with commit a406aff8c05115119127c962cbbbbd202e1973ef Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-22079 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/ocfs2/alloc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66 https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3 https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8 https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3 https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683 https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef
Powered by blists - more mailing lists