CVE-2025-38652
EUVD-2025-2555022.08.2025, 16:15
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to avoid out-of-boundary access in devs.path
- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123
- truncate -s $((1024*1024*1024)) \
/mnt/f2fs/012345678901234567890123456789012345678901234567890123
- touch /mnt/f2fs/file
- truncate -s $((1024*1024*1024)) /mnt/f2fs/file
- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \
-c /mnt/f2fs/file
- mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 \
/mnt/f2fs/loop
[16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123\xff\x01, 511, 0 - 3ffff
[16937.192268] F2FS-fs (loop0): Failed to find devices
If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may
not end up w/ null character due to path array is fully filled, So
accidently, fields locate after path[] may be treated as part of
device path, result in parsing wrong device path.
struct f2fs_dev_info {
...
char path[MAX_PATH_LEN];
...
};
Let's add one byte space for sbi->devs.path[] to store null
character of device path string.EnginsightAffected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 4.10 ≤ 𝑥 < 5.4.297 |
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.241 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.190 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.148 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.102 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.42 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.15.10 |
| linux | linux_kernel | 6.16 ≤ 𝑥 < 6.16.1 |
| debian | debian_linux | 11.0 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration
References