github - ghsa-rx4q-q596-qrmv

ghsa-rx4q-q596-qrmv

Vulnerability from github

Published

2025-10-01 09:30

Modified

2025-10-01 09:30

Details

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix invalid algorithm for encoded extents

The current algorithm sanity checks do not properly apply to new encoded extents.

Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with sbi->available_compr_algs.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-39924"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T08:15:35Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix invalid algorithm for encoded extents\n\nThe current algorithm sanity checks do not properly apply to new\nencoded extents.\n\nUnify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX\nand ensure consistency with sbi-\u003eavailable_compr_algs.",
  "id": "GHSA-rx4q-q596-qrmv",
  "modified": "2025-10-01T09:30:25Z",
  "published": "2025-10-01T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39924"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/131897c65e2b86cf14bec7379f44aa8fbb407526"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/db5d7abd379a8dcf030be8f52f99cadf7e397ba8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-39924 (GCVE-0-2025-39924)

Vulnerability from cvelistv5

Published

2025-10-01 08:07

Modified

2025-10-01 08:07

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: erofs: fix invalid algorithm for encoded extents The current algorithm sanity checks do not properly apply to new encoded extents. Unify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX and ensure consistency with sbi->available_compr_algs.

References

URL

Tags

	https://git.kernel.org/stable/c/db5d7abd379a8dcf030be8f52f99cadf7e397ba8
	https://git.kernel.org/stable/c/131897c65e2b86cf14bec7379f44aa8fbb407526

Impacted products

Vendor

Product

Version

Version: 1d191b4ca51d73699cb127386b95ac152af2b930
Version: 1d191b4ca51d73699cb127386b95ac152af2b930

Version: 6.15

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/zmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "db5d7abd379a8dcf030be8f52f99cadf7e397ba8",
              "status": "affected",
              "version": "1d191b4ca51d73699cb127386b95ac152af2b930",
              "versionType": "git"
            },
            {
              "lessThan": "131897c65e2b86cf14bec7379f44aa8fbb407526",
              "status": "affected",
              "version": "1d191b4ca51d73699cb127386b95ac152af2b930",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/zmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.8",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix invalid algorithm for encoded extents\n\nThe current algorithm sanity checks do not properly apply to new\nencoded extents.\n\nUnify the algorithm check with Z_EROFS_COMPRESSION(_RUNTIME)_MAX\nand ensure consistency with sbi-\u003eavailable_compr_algs."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T08:07:12.300Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/db5d7abd379a8dcf030be8f52f99cadf7e397ba8"
        },
        {
          "url": "https://git.kernel.org/stable/c/131897c65e2b86cf14bec7379f44aa8fbb407526"
        }
      ],
      "title": "erofs: fix invalid algorithm for encoded extents",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39924",
    "datePublished": "2025-10-01T08:07:12.300Z",
    "dateReserved": "2025-04-16T07:20:57.147Z",
    "dateUpdated": "2025-10-01T08:07:12.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.