Acknowledged
Created: Aug 24, 2025
Updated: Aug 26, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]f2fs: fix to avoid out-of-boundary access in devs.path[EOL][EOL]- touch /mnt/f2fs/012345678901234567890123456789012345678901234567890123[EOL]- truncate -s $((1024*1024*1024)) /mnt/f2fs/012345678901234567890123456789012345678901234567890123[EOL]- touch /mnt/f2fs/file[EOL]- truncate -s $((1024*1024*1024)) /mnt/f2fs/file[EOL]- mkfs.f2fs /mnt/f2fs/012345678901234567890123456789012345678901234567890123 -c /mnt/f2fs/file[EOL]- mount /mnt/f2fs/012345678901234567890123456789012345678901234567890123 /mnt/f2fs/loop[EOL][EOL][16937.192225] F2FS-fs (loop0): Mount Device [ 0]: /mnt/f2fs/012345678901234567890123456789012345678901234567890123ÿ\x01, 511, 0 - 3ffff[EOL][16937.192268] F2FS-fs (loop0): Failed to find devices[EOL][EOL]If device path length equals to MAX_PATH_LEN, sbi->devs.path[] may[EOL]not end up w/ null character due to path array is fully filled, So[EOL]accidently, fields locate after path[] may be treated as part of[EOL]device path, result in parsing wrong device path.[EOL][EOL]struct f2fs_dev_info {[EOL]...[EOL]\tchar path[MAX_PATH_LEN];[EOL]...[EOL]};[EOL][EOL]Let's add one byte space for sbi->devs.path[] to store null[EOL]character of device path string.
CREATE(Triage):(User=pbi-cn) [CVE-2025-38652 (https://nvd.nist.gov/vuln/detail/CVE-2025-38652)
