Message-ID: <2025082237-CVE-2025-38652-1f5b@gregkh>
Date: Fri, 22 Aug 2025 18:01:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38652: f2fs: fix to avoid out-of-boundary access in devs.path
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid out-of-boundary access in devs.path
- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123
- truncate -s $((1024*1024*1024)) \
    /mnt/f2fs/012345678901234567890123456789012345678901234567890123
- touch /mnt/f2fs/file
- truncate -s $((1024*1024*1024)) /mnt/f2fs/file
- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \
    -c /mnt/f2fs/file
- mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \
    /mnt/f2fs/loop
[16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff
[16937.192268] F2FS-fs (loop0): Failed to find devices
If the device path length equals MAX_PATH_LEN, sbi->devs.path[] may
not end with a null character because the path array is fully filled, so
accidentally, fields located after path[] may be treated as part of the
device path, resulting in parsing a wrong device path.
struct f2fs_dev_info {
	...
	char path[MAX_PATH_LEN];
	...
};
Let's add one byte of space to sbi->devs.path[] to store the null
character of the device path string.
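A constructed C model of the defect described above (added here; it is neither kernel code nor part of the fix commit): the repro's device path is exactly 64 bytes, so it fills path[] with no terminator and a "%s" read runs on into the field that follows, while the one-byte-larger array from the fix stops at the path. The MAX_PATH_LEN value, the total_segments field name and the value 511 are assumptions taken from the mount log line above.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of the bug, not kernel code. MAX_PATH_LEN equals the
 * repro path length; total_segments stands in for the field that follows
 * path[] ("\xff\x01" in the mount log is 511 = 0x1ff, little-endian). */
#define MAX_PATH_LEN 64
#define REPRO_PATH "/mnt/f2fs/012345678901234567890123456789012345678901234567890123"

struct dev_info_before {          /* layout before the fix */
    char path[MAX_PATH_LEN];      /* no room for a NUL when fully used */
    uint32_t total_segments;      /* lies directly after path[] */
};

struct dev_info_after {           /* layout after the fix */
    char path[MAX_PATH_LEN + 1];  /* spare byte always holds the NUL */
    uint32_t total_segments;
};

/* Bytes a "%s" consumer would read before finding a NUL, bounded so the
 * demo never leaves the object (path is the first member, so the
 * struct address is also the path address). */
static size_t bounded_strlen(const void *obj, size_t bound)
{
    const char *p = obj;
    size_t n = 0;
    while (n < bound && p[n] != '\0')
        n++;
    return n;
}

size_t path_len_before_fix(const char *devpath)
{
    struct dev_info_before d;
    memset(&d, 0, sizeof d);
    d.total_segments = 511;
    /* strncpy copies no terminator when the source fills the buffer. */
    strncpy(d.path, devpath, MAX_PATH_LEN);
    return bounded_strlen(&d, sizeof d);
}

size_t path_len_after_fix(const char *devpath)
{
    struct dev_info_after d;
    memset(&d, 0, sizeof d);
    d.total_segments = 511;
    strncpy(d.path, devpath, MAX_PATH_LEN); /* path[MAX_PATH_LEN] stays 0 */
    return bounded_strlen(&d, sizeof d);
}
```

On a little-endian host the pre-fix layout yields 66 bytes (the 64-byte path plus the 0xff 0x01 of 511), exactly the trailing bytes visible in the kernel's "Mount Device" line; the post-fix layout yields 64.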
The Linux kernel CVE team has assigned CVE-2025-38652 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.10 with commit 3c62be17d4f562f43fe1d03b48194399caa35aa5 and fixed in 6.1.148 with commit 3466721f06edff834f99d9f49f23eabc6b2cb78e
Issue introduced in 4.10 with commit 3c62be17d4f562f43fe1d03b48194399caa35aa5 and fixed in 6.6.102 with commit 345fc8d1838f3f8be7c8ed08d86a13dedef67136
Issue introduced in 4.10 with commit 3c62be17d4f562f43fe1d03b48194399caa35aa5 and fixed in 6.12.42 with commit 70849d33130a2cf1d6010069ed200669c8651fbd
Issue introduced in 4.10 with commit 3c62be17d4f562f43fe1d03b48194399caa35aa5 and fixed in 6.15.10 with commit 755427093e4294ac111c3f9e40d53f681a0fbdaa
Issue introduced in 4.10 with commit 3c62be17d4f562f43fe1d03b48194399caa35aa5 and fixed in 6.16.1 with commit 1b1efa5f0e878745e94a98022e8edc675a87d78e
Issue introduced in 4.10 with commit 3c62be17d4f562f43fe1d03b48194399caa35aa5 and fixed in 6.17-rc1 with commit 5661998536af52848cc4d52a377e90368196edea
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38652
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/f2fs/f2fs.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/3466721f06edff834f99d9f49f23eabc6b2cb78e
https://git.kernel.org/stable/c/345fc8d1838f3f8be7c8ed08d86a13dedef67136
https://git.kernel.org/stable/c/70849d33130a2cf1d6010069ed200669c8651fbd
https://git.kernel.org/stable/c/755427093e4294ac111c3f9e40d53f681a0fbdaa
https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e
https://git.kernel.org/stable/c/5661998536af52848cc4d52a377e90368196edea