Linux Kernel OrangeFS File Size Truncation Vulnerability on 32-Bit Systems

Vulnerability

A vulnerability in the Linux kernel's OrangeFS implementation can lead to file size truncation on 32-bit systems. The 'len' variable, which stores the result of the file size read operation, is declared as size_t. On 32-bit systems size_t is only 32 bits wide, so the stored file size is truncated to 4 GiB.

Impact

Exploitation of this vulnerability results in incorrect file size handling: file sizes beyond 4 GiB are truncated, potentially causing data loss or corruption.
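A user-space model of the truncation described above, added here as an illustration; it is not the kernel's OrangeFS code. The names `size32_t` (a `uint32_t` stand-in for a 32-bit `size_t`), `len_truncated`, `len_full`, `bytes_in_page` and `size_fits_32bit_len`, the 4096-byte page size and the sample sizes are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SZ 4096LL      /* assumed page size for this model */
typedef uint32_t size32_t;  /* stands in for size_t on a 32-bit system */

/* Before: the 64-bit file size is stored in a 32-bit 'len'. */
static int64_t len_truncated(int64_t file_size)
{
    size32_t len = (size32_t)file_size;   /* high 32 bits are dropped */
    return (int64_t)len;
}

/* After: 'len' keeps the full 64-bit width. */
static int64_t len_full(int64_t file_size)
{
    int64_t len = file_size;
    return len;
}

/* Hypothetical consumer of 'len': how many bytes of the page starting at
 * 'off' lie inside the file. 0 means the page is treated as past EOF. */
static int64_t bytes_in_page(int64_t len, int64_t off)
{
    if (off >= len)
        return 0;
    return (off + PAGE_SZ > len) ? len - off : PAGE_SZ;
}

/* A size is safe in the 32-bit 'len' only if it round-trips unchanged. */
static int size_fits_32bit_len(int64_t file_size)
{
    return file_size >= 0 && len_truncated(file_size) == file_size;
}

int main(void)
{
    const int64_t GiB = 1LL << 30;
    int64_t size = 6 * GiB + 100;   /* constructed sample file size */
    int64_t off = 5 * GiB;          /* page-aligned offset inside the file */

    printf("len, 32-bit: %lld\n", (long long)len_truncated(size));
    printf("len, 64-bit: %lld\n", (long long)len_full(size));
    printf("page bytes, 32-bit len: %lld\n", (long long)bytes_in_page(len_truncated(size), off));
    printf("page bytes, 64-bit len: %lld\n", (long long)bytes_in_page(len_full(size), off));
    printf("4 GiB fits 32-bit len: %d\n", size_fits_32bit_len(4 * GiB));
    return 0;
}
```

With the 32-bit `len`, the page at the 5 GiB offset is treated as lying past end of file, which is how a truncated size turns into lost data.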

Added: Jun 18, 2025, 10:49 AM
Updated: Jun 18, 2025, 10:49 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.