Linux Kernel Zstandard Decompression Infinite Loop Vulnerability

Vulnerability

A vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) Zstandard (zstd) decompression logic can lead to an infinite loop. The issue is triggered when a deliberately corrupted image carries a truncated zstd stream: the decompressor keeps waiting for compressed input that the image does not contain, and the decompression loop never terminates. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a denial of service: the kernel context that is decompressing the corrupted data spins indefinitely, so the read that triggered it never completes and the system can become unresponsive. Triggering it requires the kernel to mount and read from an attacker-controlled EROFS image, so the practical exposure is any path on which untrusted images are mounted (for example removable media or container and package images that are not verified before mounting).

Reproduction

The vulnerability can be reproduced with a crafted EROFS image whose Zstandard-compressed data has been deliberately corrupted so that the stream is cut short. When the EROFS zstd decompression logic processes this data, it enters an infinite loop and the decompression never completes.
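The loop shape behind this class of bug, shown here as an added example rather than code taken from the kernel or from the EROFS fix: a streaming decoder reports "need more input" for a truncated frame, and a loop that only stops on "frame complete" spins forever. The decoder below is a toy stand-in that follows the zstd streaming contract (consume what it can, emit what it can, return 0 only when the frame is finished); it is not libzstd, and the frame format (one length byte plus raw payload) is an assumption made for the demonstration. MAX_SPINS exists only so the trusting loop terminates in the demo.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The kernel spells filesystem corruption as EFSCORRUPTED (an alias of
 * EUCLEAN); mirrored here so the hardened loop reads like fs code. */
#ifndef EFSCORRUPTED
#define EFSCORRUPTED EUCLEAN
#endif

#define MAX_SPINS 1000u   /* demo guard only; the real bug has no such cap */

struct in_buf  { const uint8_t *src; size_t size; size_t pos; };
struct out_buf { uint8_t *dst; size_t size; size_t pos; };

/* Toy stand-in for a streaming decoder (assumption: NOT libzstd). The
 * "frame" is one header byte giving the decompressed length followed by
 * the raw payload. It keeps the part of the zstd streaming contract that
 * matters here: return 0 once the frame is complete, non-zero while more
 * input is still required, and consume nothing when no input is left. */
struct toy_stream { int have_header; size_t declared; size_t emitted; };

static size_t toy_decompress_stream(struct toy_stream *s, struct out_buf *out, struct in_buf *in)
{
    if (!s->have_header) {
        if (in->pos >= in->size)
            return 1;              /* header not present yet */
        s->declared = in->src[in->pos++];
        s->have_header = 1;
    }
    while (s->emitted < s->declared && in->pos < in->size && out->pos < out->size) {
        out->dst[out->pos++] = in->src[in->pos++];
        s->emitted++;
    }
    return s->emitted == s->declared ? 0 : 1;
}

/* Loop that trusts the frame to terminate: it calls the decoder until the
 * decoder reports completion. On a truncated frame the decoder keeps asking
 * for input that never arrives and consumes nothing, so without MAX_SPINS
 * this never returns (the hang the advisory describes). */
static int decompress_trusting(const uint8_t *in, size_t inlen,
                               uint8_t *out, size_t outlen, unsigned *calls)
{
    struct in_buf ib = { in, inlen, 0 };
    struct out_buf ob = { out, outlen, 0 };
    struct toy_stream st = { 0, 0, 0 };

    *calls = 0;
    for (;;) {
        if (++*calls > MAX_SPINS)
            return -ETIMEDOUT;     /* demo-only escape hatch */
        if (toy_decompress_stream(&st, &ob, &ib) == 0)
            return 0;
    }
}

/* Hardened loop: a round that consumes no input and produces no output
 * while the decoder still wants more means the stream is truncated, so
 * report corruption instead of retrying. A frame that reports completion
 * without filling the expected output is rejected as well. */
static int decompress_checked(const uint8_t *in, size_t inlen,
                              uint8_t *out, size_t outlen, unsigned *calls)
{
    struct in_buf ib = { in, inlen, 0 };
    struct out_buf ob = { out, outlen, 0 };
    struct toy_stream st = { 0, 0, 0 };

    *calls = 0;
    for (;;) {
        size_t in_before = ib.pos, out_before = ob.pos;
        size_t zerr;

        ++*calls;
        zerr = toy_decompress_stream(&st, &ob, &ib);
        if (zerr == 0)
            return ob.pos == outlen ? 0 : -EFSCORRUPTED;
        if (ib.pos == in_before && ob.pos == out_before)
            return -EFSCORRUPTED;  /* no progress: input ran out early */
    }
}

/* Constructed sample frames: header byte 5, then the payload. */
static const uint8_t good_frame[]      = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t truncated_frame[] = { 5, 'h', 'e', 'l' };   /* cut short */

int main(void)
{
    uint8_t out[5];
    unsigned calls;
    int rc;

    rc = decompress_checked(good_frame, sizeof good_frame, out, sizeof out, &calls);
    printf("good/checked:       rc=%d calls=%u out=%.5s\n", rc, calls, (const char *)out);
    rc = decompress_trusting(truncated_frame, sizeof truncated_frame, out, sizeof out, &calls);
    printf("truncated/trusting: rc=%d calls=%u (spun until the demo guard)\n", rc, calls);
    rc = decompress_checked(truncated_frame, sizeof truncated_frame, out, sizeof out, &calls);
    printf("truncated/checked:  rc=%d calls=%u (-EFSCORRUPTED is %d)\n", rc, calls, -EFSCORRUPTED);
    return 0;
}
```

The check that matters is the no-progress test: with the input fully consumed and the decoder still asking for more, another iteration can only repeat the same result, so the loop must fail closed. The trusting loop reaches the demo cap after every call returns "need more input"; the checked loop bails out on its second call with -EFSCORRUPTED, which is what a read of a corrupted image should surface to userspace instead of a hung task.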

Remediation

Upgrade to a Linux kernel stable release that includes the fix for this issue. Until the fix is deployed, avoid mounting EROFS images from untrusted sources, since a crafted image is the only trigger.

Added: Dec 16, 2025, 4:28 PM
Updated: Dec 16, 2025, 4:28 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.