Linux Kernel nilfs2 Integer Overflow Vulnerability in nilfs_fiemap()

Vulnerability

An integer overflow vulnerability has been identified in the Linux kernel's nilfs2 file system, in the nilfs_fiemap() function. nilfs_bmap_lookup_contig(), as called from nilfs_fiemap(), can in principle process up to INT_MAX blocks, so left-shifting the resulting block count can overflow. Although such an occurrence is highly unlikely, the issue has been addressed by safely casting the right-hand expression to a wider type. It was discovered by the Linux Verification Center using the static analysis tool SVACE.
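The overflow class described above, as an added example that is not the kernel's own code: a user-space model of shifting an int block count at 32-bit width versus widening it first. The function names, the 4 KiB block size (blkbits = 12) and the sample counts are assumptions made for illustration, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix pattern (model): the shift is evaluated at 32-bit int width and only
 * the result is widened. Signed overflow is undefined in C, so the wrap is
 * emulated with unsigned arithmetic to keep this program well defined; the
 * value shown is what a wrapping two's-complement build would produce. */
static uint64_t extent_bytes_narrow(int nblocks, unsigned blkbits)
{
    uint32_t wrapped = (uint32_t)nblocks << blkbits;      /* high bits lost */
    int64_t as_int = wrapped > (uint32_t)INT32_MAX
                         ? (int64_t)wrapped - ((int64_t)1 << 32)
                         : (int64_t)wrapped;              /* reinterpret as int */
    return (uint64_t)as_int;                              /* sign-extended */
}

/* Post-fix pattern: widen the block count first, then shift. */
static uint64_t extent_bytes_wide(int nblocks, unsigned blkbits)
{
    return (uint64_t)nblocks << blkbits;
}

/* Largest block count whose byte size still fits in an int. */
static int max_safe_blocks(unsigned blkbits)
{
    return INT_MAX >> blkbits;
}

int main(void)
{
    const unsigned blkbits = 12;                          /* constructed: 4 KiB blocks */
    const int samples[] = { max_safe_blocks(blkbits),
                            max_safe_blocks(blkbits) + 1, INT_MAX };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("n=%-10d narrow=0x%016llx wide=0x%016llx %s\n", n,
               (unsigned long long)extent_bytes_narrow(n, blkbits),
               (unsigned long long)extent_bytes_wide(n, blkbits),
               n > max_safe_blocks(blkbits) ? "OVERFLOW" : "ok");
    }
    return 0;
}
```

The comparison against max_safe_blocks() is the same bound a reviewer or static analyzer applies when flagging a shift whose left operand is a plain int and whose result is stored in a 64-bit variable.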

Impact

Exploitation of this vulnerability could lead to undefined behavior due to the integer overflow, potentially allowing for memory corruption or other unintended consequences.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.