Wind River Support Network

HomeDefectsLIN1023-13866
Acknowledged

LIN1023-13866 : Security Advisory - linux - CVE-2025-38230

Created: Jul 7, 2025    Updated: Jul 8, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]jfs: validate AG parameters in dbMount() to prevent crashes[EOL][EOL]Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch[EOL]corrupted metadata early and avoid undefined behavior in dbAllocAG.[EOL]Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE:[EOL][EOL]- agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift[EOL]  (L2LPERCTL - 2*agheight) >= 0.[EOL]- agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight))[EOL]  ensures agperlev >= 1.[EOL]  - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5).[EOL]  - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG;[EOL]    2^(10 - 2*agheight) prevents division to 0.[EOL]- agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within[EOL]  stree (size 1365).[EOL]  - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8).[EOL][EOL]UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9[EOL]shift exponent -335544310 is negative[EOL]CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0[EOL]Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025[EOL]Call Trace:[EOL] <TASK>[EOL] __dump_stack lib/dump_stack.c:94 [inline][EOL] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120[EOL] ubsan_epilogue lib/ubsan.c:231 [inline][EOL] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468[EOL] dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400[EOL] dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613[EOL] jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105[EOL] jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131[EOL] vfs_ioctl fs/ioctl.c:51 [inline][EOL] __do_sys_ioctl fs/ioctl.c:906 [inline][EOL] __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892[EOL] do_syscall_x64 arch/x86/entry/common.c:52 [inline][EOL] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83[EOL] entry_SYSCALL_64_after_hwframe+0x77/0x7f[EOL][EOL]Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

CREATE(Triage):(User=admin) [CVE-2025-38230 (https://nvd.nist.gov/vuln/detail/CVE-2025-38230)
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube