| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121624-CVE-2025-68251-782f@gregkh>
Date: Tue, 16 Dec 2025 15:32:27 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68251: erofs: avoid infinite loops due to corrupted subpage compact indexes
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
erofs: avoid infinite loops due to corrupted subpage compact indexes
Robert reported an infinite loop observed by two crafted images.
The root cause is that `clusterofs` can be larger than `lclustersize`
for !NONHEAD `lclusters` in corrupted subpage compact indexes, e.g.:
blocksize = lclustersize = 512 lcn = 6 clusterofs = 515
Move the corresponding check for full compress indexes to
`z_erofs_load_lcluster_from_disk()` to also cover subpage compact
compress indexes.
It also fixes the position of `m->type >= Z_EROFS_LCLUSTER_TYPE_MAX`
check, since it should be placed right after
`z_erofs_load_{compact,full}_lcluster()`.
The Linux kernel CVE team has assigned CVE-2025-68251 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.8 with commit 8d2517aaeea3ab8651bb517bca8f3c8664d318ea and fixed in 6.17.6 with commit 8675447a8794983f2b7e694b378112772c17635e
Issue introduced in 6.8 with commit 8d2517aaeea3ab8651bb517bca8f3c8664d318ea and fixed in 6.18 with commit e13d315ae077bb7c3c6027cc292401bc0f4ec683
Issue introduced in 6.6.16 with commit 3f691aa676f29586e83e6c032713554a290418c3
Issue introduced in 6.7.4 with commit 22438a34d383ec2789eaf450728e38abc53051f8
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68251
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/erofs/zmap.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/8675447a8794983f2b7e694b378112772c17635e
https://git.kernel.org/stable/c/e13d315ae077bb7c3c6027cc292401bc0f4ec683
Powered by blists - more mailing lists