| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: validate l_tree_depth to avoid out-of-bounds access\n\nThe l_tree_depth field is 16-bit (__le16), but the actual maximum depth is\nlimited to OCFS2_MAX_PATH_DEPTH.\n\nAdd a check to prevent out-of-bounds access if l_tree_depth has an invalid\nvalue, which may occur when reading from a corrupted mounted disk [1]." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/ocfs2/alloc.c" |
| ], |
| "versions": [ |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "ef34840bda333fe99bafbd2d73b70ceaaf9eba66", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "538ed8b049ef801a86c543433e5061a91cc106e3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "17c99ab3db2ba74096d36c69daa6e784e98fc0b8", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "11e24802e73362aa2948ee16b8fb4e32635d5b2a", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "3d012ba4404a0bb517658699ba85e6abda386dc3", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "49d2a2ea9d30991bae82107f9523915b91637683", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "b942f88fe7d2d789e51c5c30a675fa1c126f5a6d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "ccd979bdbce9fba8412beb3f1de68a9d0171b12c", |
| "lessThan": "a406aff8c05115119127c962cbbbbd202e1973ef", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "fs/ocfs2/alloc.c" |
| ], |
| "versions": [ |
| { |
| "version": "2.6.16", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "2.6.16", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.292", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.236", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.180", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.1.134", |
| "lessThanOrEqual": "6.1.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.87", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.23", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13.11", |
| "lessThanOrEqual": "6.13.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.14.2", |
| "lessThanOrEqual": "6.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.15", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "5.4.292" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "5.10.236" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "5.15.180" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "6.1.134" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "6.6.87" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "6.12.23" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "6.13.11" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "6.14.2" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "2.6.16", |
| "versionEndExcluding": "6.15" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef" |
| } |
| ], |
| "title": "ocfs2: validate l_tree_depth to avoid out-of-bounds access", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2025-22079", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
