CVE-2025-38710

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> gfs2: Validate i_depth for exhash directories<br /> <br /> A fuzzer test introduced corruption that ends up with a depth of 0 in<br /> dir_e_read(), causing an undefined shift by 32 at:<br /> <br /> index = hash &gt;&gt; (32 - dip-&gt;i_depth);<br /> <br /> As calculated in an open-coded way in dir_make_exhash(), the minimum<br /> depth for an exhash directory is ilog2(sdp-&gt;sd_hash_ptrs) and 0 is<br /> invalid as sdp-&gt;sd_hash_ptrs is fixed as sdp-&gt;bsize / 16 at mount time.<br /> <br /> So we can avoid the undefined behaviour by checking for depth values<br /> lower than the minimum in gfs2_dinode_in(). Values greater than the<br /> maximum are already being checked for there.<br /> <br /> Also switch the calculation in dir_make_exhash() to use ilog2() to<br /> clarify how the depth is calculated.<br /> <br /> Tested with the syzkaller repro.c and xfstests &amp;#39;-g quick&amp;#39;.