CVE-2025-21736
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
27/02/2025
Last modified:
13/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
nilfs2: fix possible int overflows in nilfs_fiemap()<br />
<br />
Since nilfs_bmap_lookup_contig() in nilfs_fiemap() calculates its result<br />
by being prepared to go through potentially maxblocks == INT_MAX blocks,<br />
the value in n may experience an overflow caused by left shift of blkbits.<br />
<br />
While it is extremely unlikely to occur, play it safe and cast right hand<br />
expression to wider type to mitigate the issue.<br />
<br />
Found by Linux Verification Center (linuxtesting.org) with static analysis<br />
tool SVACE.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.38 (including) | 6.1.129 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.78 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.14 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/250423300b4b0335918be187ef3cade248c06e6a
- https://git.kernel.org/stable/c/58b1c6881081f5ddfb9a14dc241a74732c0f855c
- https://git.kernel.org/stable/c/6438ef381c183444f7f9d1de18f22661cba1e946
- https://git.kernel.org/stable/c/7649937987fed51ed09985da4019d50189fc534e
- https://git.kernel.org/stable/c/8f41df5fd4c11d26e929a85f7239799641f92da7
- https://git.kernel.org/stable/c/b9495a9109abc31d3170f7aad7d48aa64610a1a2
- https://git.kernel.org/stable/c/f2bd0f1ab47822fe5bd699c8458b896c4b2edea1
- https://git.kernel.org/stable/c/f3d80f34f58445355fa27b9579a449fb186aa64e