-
CVE-2025-38230
- EPSS 0.05%
- Published 04.07.2025 13:37:44
- Last modified 17.07.2025 17:15:37
- Source 416baaa9-dc9f-4396-8d5f-8c081f
- Teams watchlist Login
- Open Login
In the Linux kernel, the following vulnerability has been resolved:
jfs: validate AG parameters in dbMount() to prevent crashes
Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch
corrupted metadata early and avoid undefined behavior in dbAllocAG.
Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE:
- agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift
(L2LPERCTL - 2*agheight) >= 0.
- agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight))
ensures agperlev >= 1.
- Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5).
- LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG;
2^(10 - 2*agheight) prevents division to 0.
- agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within
stree (size 1365).
- Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8).
UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9
shift exponent -335544310 is negative
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
ubsan_epilogue lib/ubsan.c:231 [inline]
__ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468
dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400
dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613
jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105
jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:906 [inline]
__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorLinux
≫
Product
Linux
Default Statusunaffected
Version <
95ae5ee6069d9a5945772625f289422ef659221a
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
a4259e72363e1ea204a97292001a9fc36c7e52fd
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
c3705c82b7406a15ef38a610d03bf6baa43d6e0c
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
9242ff6245527a3ebb693ddd175493b38ddca72f
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
0c40fa81f850556e9aa0185fede9ef1112db7b39
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
8b69608c6b6779a7ab07ce4467a56df90152cfb9
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
b62a1e59d8716bbd2e73660743fe06acc97ed7d1
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
Version <
37bfb464ddca87f203071b5bd562cd91ddc0b40a
Version
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Status
affected
VendorLinux
≫
Product
Linux
Default Statusaffected
Version
2.6.12
Status
affected
Version <
2.6.12
Version
0
Status
unaffected
Version <=
5.4.*
Version
5.4.296
Status
unaffected
Version <=
5.10.*
Version
5.10.240
Status
unaffected
Version <=
5.15.*
Version
5.15.187
Status
unaffected
Version <=
6.1.*
Version
6.1.143
Status
unaffected
Version <=
6.6.*
Version
6.6.96
Status
unaffected
Version <=
6.12.*
Version
6.12.36
Status
unaffected
Version <=
6.15.*
Version
6.15.4
Status
unaffected
Version <=
*
Version
6.16
Status
unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.164 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|