CVE-2025-38710

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-38710

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38710.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-38710

Downstream

BELL-CVE-2025-38710

DEBIAN-CVE-2025-38710

ECHO-c651-9255-a26e

OESA-2025-2310

OESA-2025-2311

OESA-2025-2312

OESA-2025-2313

OESA-2025-2314

OESA-2025-2315

UBUNTU-CVE-2025-38710

Published

2025-09-04T16:15:40Z

Modified

2025-09-06T13:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Validate i_depth for exhash directories

A fuzzer test introduced corruption that ends up with a depth of 0 in direread(), causing an undefined shift by 32 at:

index = hash >> (32 - dip->i_depth);

As calculated in an open-coded way in dirmakeexhash(), the minimum depth for an exhash directory is ilog2(sdp->sdhashptrs) and 0 is invalid as sdp->sdhashptrs is fixed as sdp->bsize / 16 at mount time.

So we can avoid the undefined behaviour by checking for depth values lower than the minimum in gfs2dinodein(). Values greater than the maximum are already being checked for there.

Also switch the calculation in dirmakeexhash() to use ilog2() to clarify how the depth is calculated.

Tested with the syzkaller repro.c and xfstests '-g quick'.

References

Affected packages