Linux Kernel JFFS2 Summary Write Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's JFFS2 file system has been identified, where the summary write operation does not properly check if raw nodes were preallocated. This issue was detected by Syzkaller, which injected faults that exposed the bug in the 'jffs2_link_node_ref' function. The flaw allows errors to propagate unchecked, eventually causing a kernel panic by linking a summary to an unallocated node. The vulnerability was found in kernel version 6.1.128.
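
The failure pattern described above, as an added example that is not kernel code and not part of the original advisory: a userspace C model in which an injected allocation fault is either ignored or checked before the link step. All names (eraseblock, prealloc_refs, link_node_ref, write_summary_unchecked, write_summary_checked, inject_alloc_fault) and the node id are hypothetical, and the panicked flag stands in for the crash.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name below is hypothetical, not kernel code. */
struct eraseblock {
    int refs[4];        /* preallocated raw node reference slots */
    int allocated_refs; /* free slots left by the last preallocation */
    bool panicked;      /* stands in for the kernel panic */
};
static bool inject_alloc_fault; /* models the fuzzer's fault injection */

/* Reserve nr slots; fails with -ENOMEM when a fault is injected. */
static int prealloc_refs(struct eraseblock *jeb, int nr) {
    if (inject_alloc_fault || nr > 4)
        return -ENOMEM;
    jeb->allocated_refs = nr;
    return 0;
}

/* Link a node into a reserved slot; with none reserved the kernel would crash. */
static void link_node_ref(struct eraseblock *jeb, int node) {
    if (jeb->allocated_refs == 0)
        jeb->panicked = true;
    else
        jeb->refs[--jeb->allocated_refs] = node;
}

/* Before: the preallocation result is dropped, so the failure reaches the link. */
static int write_summary_unchecked(struct eraseblock *jeb) {
    (void)prealloc_refs(jeb, 1);
    link_node_ref(jeb, 1); /* 1 is a constructed node id */
    return 0;
}

/* After: the error goes back to the caller and nothing is linked. */
static int write_summary_checked(struct eraseblock *jeb) {
    int ret = prealloc_refs(jeb, 1);
    if (ret == 0)
        link_node_ref(jeb, 1);
    return ret;
}

int main(void) {
    struct eraseblock a = {0}, b = {0};
    inject_alloc_fault = true;
    int ra = write_summary_unchecked(&a), rb = write_summary_checked(&b);
    printf("unchecked: ret=%d panicked=%d; checked: ret=%d panicked=%d\n", ra, a.panicked, rb, b.panicked);
}
```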

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a crash of the affected system.

Reproduction

The vulnerability can be reproduced by using the JFFS2 file system with Syzkaller, a kernel fuzzer that can inject faults. This combination will trigger the unchecked error propagation during the summary write process, linking to an unallocated node and causing a kernel panic.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.

Added: Jul 4, 2025, 3:38 PM
Updated: Jul 4, 2025, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.