Home

Description

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bounds warning followed by a kernel panic (if panic_on_warn is set): shift exponent 38973 is too large for 32-bit type 'int' Call Trace: <TASK> dump_stack_lvl+0xcd/0x134 ubsan_epilogue+0xb/0x50 __ubsan_handle_shift_out_of_bounds.cold.12+0x17b/0x1f5 init_nilfs.cold.11+0x18/0x1d [nilfs2] nilfs_mount+0x9b5/0x12b0 [nilfs2] ... This fixes the issue by adding and using a new helper function for getting block size with sanity check.

PUBLISHED Reserved 2025-12-30 | Published 2025-12-30 | Updated 2026-01-02 | Assigner Linux

Product status

Default status
unaffected

8a9d2191e9f43bbcd256a9a6871bd73434c83f2f (git) before ec93b5430ec0f60877a5388bb023d60624f9ab9f
affected

8a9d2191e9f43bbcd256a9a6871bd73434c83f2f (git) before 8b6ef451b5701b37d9a5905534595776a662edfc
affected

8a9d2191e9f43bbcd256a9a6871bd73434c83f2f (git) before ddb6615a168f97b91175e00eda4c644741cf531c
affected

8a9d2191e9f43bbcd256a9a6871bd73434c83f2f (git) before a16731fa1b96226c75bbf18e73513b14fc318360
affected

8a9d2191e9f43bbcd256a9a6871bd73434c83f2f (git) before ebeccaaef67a4895d2496ab8d9c2fb8d89201211
affected

Default status
affected

2.6.30
affected

Any version before 2.6.30
unaffected

5.10.163 (semver)
unaffected

5.15.86 (semver)
unaffected

6.0.16 (semver)
unaffected

6.1.2 (semver)
unaffected

6.2 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/ec93b5430ec0f60877a5388bb023d60624f9ab9f

git.kernel.org/...c/8b6ef451b5701b37d9a5905534595776a662edfc

git.kernel.org/...c/ddb6615a168f97b91175e00eda4c644741cf531c

git.kernel.org/...c/a16731fa1b96226c75bbf18e73513b14fc318360

git.kernel.org/...c/ebeccaaef67a4895d2496ab8d9c2fb8d89201211

cve.org (CVE-2022-50864)

nvd.nist.gov (CVE-2022-50864)

Download JSON