Linux Kernel Ztailpacking Feature Buffer Copy Overflow Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's implementation of the ztailpacking feature within the erofs filesystem. This vulnerability arises because the tail pcluster may not represent a complete filesystem block when ztailpacking is applied, leading to a buffer copy overflow. The issue was highlighted by a Kernel Address Sanitizer (KASAN) report, which indicated that the vulnerability could be exploited during the decompression of data, potentially causing memory corruption.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, which can commonly result in memory corruption and the potential execution of arbitrary code.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Ztailpacking Feature Buffer Copy Overflow Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating