AZL-74483

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74483.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-74483

Upstream

CVE-2025-68794

Published

2026-01-13T16:16:01Z

Modified

2026-04-01T05:22:43.487635Z

Summary

CVE-2025-68794 affecting package kernel for versions less than 6.6.121.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

iomap: adjust read range correctly for non-block-aligned positions

iomapadjustread_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case for erofs. This causes too many bytes to be skipped for uptodate blocks, which results in returning the incorrect position and length to read in. If all the blocks are uptodate, this underflows length and returns a position beyond the folio.

Fix the calculation to also take into account the block offset when calculating how many bytes can be skipped for uptodate blocks.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-68794

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.121.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74483.json"