Description

In the Linux kernel, the following vulnerability has been resolved: erofs: fix crafted invalid cases for encoded extents Robert recently reported two corrupted images that can cause system crashes, which are related to the new encoded extents introduced in Linux 6.15: - The first one [1] has plen != 0 (e.g. plen == 0x2000000) but (plen & Z_EROFS_EXTENT_PLEN_MASK) == 0. It is used to represent special extents such as sparse extents (!EROFS_MAP_MAPPED), but previously only plen == 0 was handled; - The second one [2] has pa 0xffffffffffdcffed and plen 0xb4000, then "cur [0xfffffffffffff000] += bvec.bv_len [0x1000]" in "} while ((cur += bvec.bv_len) < end);" wraps around, causing an out-of-bound access of pcl->compressed_bvecs[] in z_erofs_submit_queue(). EROFS only supports 48-bit physical block addresses (up to 1EiB for 4k blocks), so add a sanity check to enforce this.

INFO

Published Date :

2025-12-04T15:31:30.594Z

Last Modified :

2025-12-04T15:31:30.594Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-40241 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-40241.

URL Resource
https://git.kernel.org/stable/c/00d8fe0b72f4ca0a983abced36aad2160038c421 cve-icon cve-icon
https://git.kernel.org/stable/c/a429b76114aaca3ef1aff4cd469dcf025431bd11 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025120403-CVE-2025-40241-c6ed@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-40241 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-40241 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact