| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120821-CVE-2025-40312-2743@gregkh>
Date: Mon, 8 Dec 2025 09:47:36 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-40312: jfs: Verify inode mode when loading from disk
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
jfs: Verify inode mode when loading from disk
The inode mode loaded from corrupted disk can be invalid. Do like what
commit 0a9e74051313 ("isofs: Verify inode mode when loading from disk")
does.
The Linux kernel CVE team has assigned CVE-2025-40312 to this issue.
Affected and fixed versions
===========================
Fixed in 5.4.302 with commit 19cce65709a8a2966203653028d9004e28e85bd5
Fixed in 5.10.247 with commit fabc1348bb8fe6bc80850014ee94bd89945f7f4d
Fixed in 5.15.197 with commit 46c76cfa17d1828c1a889cb54cb11d5ef3dfbc0f
Fixed in 6.1.159 with commit 2870a7dec49ccdc3f6ae35da8f5d6737f21133a8
Fixed in 6.6.117 with commit ce054a366c54992185c9514e489a14f145b10c29
Fixed in 6.12.58 with commit 1795277a4e98d82e6451544d43695540cee042ea
Fixed in 6.17.8 with commit 8d6a9cbd276b3b85da0e7e98208f89416fed9265
Fixed in 6.18 with commit 7a5aa54fba2bd591b22b9b624e6baa9037276986
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-40312
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/jfs/inode.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/19cce65709a8a2966203653028d9004e28e85bd5
https://git.kernel.org/stable/c/fabc1348bb8fe6bc80850014ee94bd89945f7f4d
https://git.kernel.org/stable/c/46c76cfa17d1828c1a889cb54cb11d5ef3dfbc0f
https://git.kernel.org/stable/c/2870a7dec49ccdc3f6ae35da8f5d6737f21133a8
https://git.kernel.org/stable/c/ce054a366c54992185c9514e489a14f145b10c29
https://git.kernel.org/stable/c/1795277a4e98d82e6451544d43695540cee042ea
https://git.kernel.org/stable/c/8d6a9cbd276b3b85da0e7e98208f89416fed9265
https://git.kernel.org/stable/c/7a5aa54fba2bd591b22b9b624e6baa9037276986
Powered by blists - more mailing lists