CVE-2025-37858

Severity: Medium · CVSS 3.1: 5.5 · EPSS 15.4%
Published May 9, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/jfs: Prevent integer overflow in AG size calculation

The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing.

On 32-bit architectures:
- Left-shifting 1 by 32+ bits results in 0 due to integer overflow
- This creates invalid AG sizes (0 or garbage values) in sbi->bmap->db_agsize
- Subsequent block allocations would reference invalid AG structures
- Could lead to:
  - Filesystem corruption during extend operations
  - Kernel crashes due to invalid memory accesses
  - Security vulnerabilities via malformed on-disk structures

Fix by casting to s64 before shifting:

    bmp->db_agsize = (s64)1 << l2agsize;

This ensures 64-bit arithmetic even on 32-bit architectures. The cast matches the data type of db_agsize (s64) and follows similar patterns in JFS block calculation code.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
15.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 9

Vendor  Product       Version  Range
linux   linux_kernel  *        <5.4.293
linux   linux_kernel  *        ≥5.5 – <5.10.237
linux   linux_kernel  *        ≥5.11 – <5.15.181
linux   linux_kernel  *        ≥5.16 – <6.1.135
linux   linux_kernel  *        ≥6.2 – <6.6.88
linux   linux_kernel  *        ≥6.7 – <6.12.24
linux   linux_kernel  *        ≥6.13 – <6.13.12
linux   linux_kernel  *        ≥6.14 – <6.14.3
debian  debian_linux  11.0     any
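
An added example (not part of this advisory or of any vendor tooling): a Python check of an upstream kernel release string against the affected ranges listed above. The function names are assumptions for illustration. Distribution kernels such as Debian's backport fixes without changing the upstream version number, so for those the package changelog is authoritative.

```python
import re

# Affected upstream ranges copied from the table above:
# (inclusive lower bound or None, exclusive upper bound = first fixed release).
AFFECTED_RANGES = [
    (None, (5, 4, 293)),
    ((5, 5, 0), (5, 10, 237)),
    ((5, 11, 0), (5, 15, 181)),
    ((5, 16, 0), (6, 1, 135)),
    ((6, 2, 0), (6, 6, 88)),
    ((6, 7, 0), (6, 12, 24)),
    ((6, 13, 0), (6, 13, 12)),
    ((6, 14, 0), (6, 14, 3)),
]

def parse_kernel_version(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level ("6.14") is treated as .0
    return tuple(int(g) if g else 0 for g in m.groups())

def first_fixed(release):
    """Return the first fixed version of the matching range, or None if not affected."""
    v = parse_kernel_version(release)
    for low, high in AFFECTED_RANGES:
        if (low is None or v >= low) and v < high:
            return ".".join(str(n) for n in high)
    return None

def is_affected(release):
    """True if the upstream version falls inside a listed affected range."""
    return first_fixed(release) is not None

if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for sample in ["5.10.236", "5.10.237", "6.6.87-amd64", "6.15.1"]:
        fix = first_fixed(sample)
        status = f"affected, fixed in {fix}" if fix else "not in a listed range"
        print(f"{sample}: {status}")
```
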

References 11

  • git.kernel.org https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d8a45f87010a802aa214bf39702ca9d99cbf3ba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/55edbf5dbf60a8195c21e92124c4028939ae16b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ccf3b35274512b60ecb614e0637e76bd6f2d829
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8bb29629a5e4090e1ef7199cb42db04a52802239
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c802a6a4009f585111f903e810b3be9c6d0da329
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec34cdf4f917cc6abd306cf091f8b8361fedac88
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3d8a45f87010a802aa214bf39702ca9d99cbf3ba
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/55edbf5dbf60a8195c21e92124c4028939ae16b2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7ccf3b35274512b60ecb614e0637e76bd6f2d829
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8bb29629a5e4090e1ef7199cb42db04a52802239
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c802a6a4009f585111f903e810b3be9c6d0da329
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ec34cdf4f917cc6abd306cf091f8b8361fedac88
    Patch