Linux Kernel UDF Long Extent Merging Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the Universal Disk Format (UDF) file system has been addressed. The issue arose from an unnecessary and complicated process of merging very long extents, which included a logic bug that corrupted file extents. This vulnerability was reproduced by syzbot, a kernel fuzzer.

Impact

The vulnerability could lead to file system corruption by improperly merging extents, causing data loss or inconsistency.

Reproduction

The issue can be reproduced on a UDF file system when very long extents are present. The syzbot reproducer demonstrates it.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 1, 2025, 1:50 PM
Updated: Oct 1, 2025, 1:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.