5.5

CVE-2025-39940

dm-stripe: fix a possible integer overflow

In the Linux kernel, the following vulnerability has been resolved:

dm-stripe: fix a possible integer overflow

There's a possible integer overflow in stripe_io_hints if we have too
large chunk size. Test if the overflow happened, and if it did, don't set
limits->io_min and limits->io_opt;
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.31.1 < 6.12.49
LinuxLinux Kernel Version >= 6.13 < 6.16.9
LinuxLinux Kernel Version2.6.31 Update-
LinuxLinux Kernel Version2.6.31 Updaterc9
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
LinuxLinux Kernel Version6.17 Updaterc5
LinuxLinux Kernel Version6.17 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.033
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/f8f64254bca5ae58f3b679441962bda4c409f659
Patch
https://git.kernel.org/stable/c/ee27658c239b27721397f3e4eb16370b5cce596e
Patch
https://git.kernel.org/stable/c/1071d560afb4c245c2076494226df47db5a35708
Patch