AZL-57832

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57832.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-57832

Upstream

CVE-2025-21736

Published

2025-02-27T03:15:14Z

Modified

2026-04-01T05:19:13.300499Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2025-21736 affecting package kernel for versions less than 5.15.179.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix possible int overflows in nilfs_fiemap()

Since nilfsbmaplookupcontig() in nilfsfiemap() calculates its result by being prepared to go through potentially maxblocks == INT_MAX blocks, the value in n may experience an overflow caused by left shift of blkbits.

While it is extremely unlikely to occur, play it safe and cast right hand expression to wider type to mitigate the issue.

Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-21736

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.179.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-57832.json"