NuytsTech Security

CVE-2025-38652

by ·

In the Linux kernel, the following vulnerability has been resolved:

f2fs: fix to avoid out-of-boundary access in devs.path

– touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123
– truncate -s $((1024*1024*1024))
/mnt/f2fs/012345678901234567890123456789012345678901234567890123
– touch /mnt/f2fs/file
– truncate -s $((1024*1024*1024)) /mnt/f2fs/file
– mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123
-c /mnt/f2fs/file
– mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123
/mnt/f2fs/loop

[16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123xffx01, 511, 0 – 3ffff
[16937.192268] F2FS-fs (loop0): Failed to find devices

If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may
not end up w/ null character due to path array is fully filled, So
accidently, fields locate after path[] may be treated as part of
device path, result in parsing wrong device path.

struct f2fs_dev_info {

char path[MAX_PATH_LEN];

};

Let’s add one byte space for sbi->devs.path[] to store null
character of device path string.

More information : https://git.kernel.org/stable/c/1b1efa5f0e878745e94a98022e8edc675a87d78e

Tags: