Linux Kernel OCFS2 Out-of-Bounds Access Vulnerability in Tree Depth Validation

Vulnerability

A vulnerability in the Linux kernel's OCFS2 file system allows for out-of-bounds access due to improper validation of the l_tree_depth field. This field is 16-bit (__le16), but the maximum depth is limited to OCFS2_MAX_PATH_DEPTH. The vulnerability may arise when reading from a corrupted mounted disk.

Impact

The vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel OCFS2 Out-of-Bounds Access Vulnerability in Tree Depth Validation

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating