cve/published/2025/CVE-2025-22079.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-22079: ocfs2: validate l_tree_depth to avoid out-of-bounds access

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 ocfs2: validate l_tree_depth to avoid out-of-bounds access

 The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is
 limited to OCFS2_MAX_PATH_DEPTH.

 Add a check to prevent out-of-bounds access if l_tree_depth has an invalid
 value, which may occur when reading from a corrupted mounted disk [1].

 The Linux kernel CVE team has assigned CVE-2025-22079 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.4.292 with commit ef34840bda333fe99bafbd2d73b70ceaaf9eba66
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.10.236 with commit 538ed8b049ef801a86c543433e5061a91cc106e3
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.15.180 with commit 17c99ab3db2ba74096d36c69daa6e784e98fc0b8
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.1.134 with commit 11e24802e73362aa2948ee16b8fb4e32635d5b2a
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.6.87 with commit 3d012ba4404a0bb517658699ba85e6abda386dc3
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.12.23 with commit 49d2a2ea9d30991bae82107f9523915b91637683
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.13.11 with commit b942f88fe7d2d789e51c5c30a675fa1c126f5a6d
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.14.2 with commit e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c
 	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.15 with commit a406aff8c05115119127c962cbbbbd202e1973ef

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-22079
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	fs/ocfs2/alloc.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66
 	https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3
 	https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8
 	https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a
 	https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3
 	https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683
 	https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d
 	https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c
 	https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-22079: ocfs2: validate l_tree_depth to avoid out-of-bounds access

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	ocfs2: validate l_tree_depth to avoid out-of-bounds access

	The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is
	limited to OCFS2_MAX_PATH_DEPTH.

	Add a check to prevent out-of-bounds access if l_tree_depth has an invalid
	value, which may occur when reading from a corrupted mounted disk [1].

	The Linux kernel CVE team has assigned CVE-2025-22079 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.4.292 with commit ef34840bda333fe99bafbd2d73b70ceaaf9eba66
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.10.236 with commit 538ed8b049ef801a86c543433e5061a91cc106e3
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 5.15.180 with commit 17c99ab3db2ba74096d36c69daa6e784e98fc0b8
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.1.134 with commit 11e24802e73362aa2948ee16b8fb4e32635d5b2a
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.6.87 with commit 3d012ba4404a0bb517658699ba85e6abda386dc3
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.12.23 with commit 49d2a2ea9d30991bae82107f9523915b91637683
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.13.11 with commit b942f88fe7d2d789e51c5c30a675fa1c126f5a6d
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.14.2 with commit e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c
	Issue introduced in 2.6.16 with commit ccd979bdbce9fba8412beb3f1de68a9d0171b12c and fixed in 6.15 with commit a406aff8c05115119127c962cbbbbd202e1973ef

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-22079
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	fs/ocfs2/alloc.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66
	https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3
	https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8
	https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a
	https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3
	https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683
	https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d
	https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c
	https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef