CVE-2025-21736

Severity CVSS v4.0:
Pending analysis
Type:
CWE-190 Integer Overflow or Wraparound
Publication date:
27/02/2025
Last modified:
13/03/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nilfs2: fix possible int overflows in nilfs_fiemap()<br /> <br /> Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result<br /> by being prepared to go through potentially maxblocks == INT_MAX blocks,<br /> the value in n may experience an overflow caused by left shift of blkbits.<br /> <br /> While it is extremely unlikely to occur, play it safe and cast right hand<br /> expression to wider type to mitigate the issue.<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with static analysis<br /> tool SVACE.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 2.6.38 (including) 6.1.129 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.2 (including) 6.6.78 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.13.3 (excluding)