Linux Kernel GFS2 Inline Inode Size Validation Vulnerability

Vulnerability

A vulnerability in the Linux kernel's GFS2 file system has been addressed, which involved improper handling of inline inodes. The issue arose because the inode size of stuffed (inline) inodes was not properly checked against allowed limits when reading inodes from disk. This oversight could lead to on-disk corruption. The vulnerability has been resolved by ensuring that the inode size is always verified, preventing potential corruption. Additionally, two redundant checks that merely truncated inline data to a maximum allowed size have been removed, as they were unnecessary.

Impact

The vulnerability could have led to on-disk corruption by allowing improper sizes of inline inodes to be read from disk without adequate validation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.0

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel GFS2 Inline Inode Size Validation Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating