SB20250509131 - Integer overflow in Linux kernel jfs
Published: May 9, 2025
Updated: May 10, 2025
Security Bulletin ID: SB20250509131
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2025-37858)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the dbExtendFS() function in fs/jfs/jfs_dmap.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a
- https://git.kernel.org/stable/c/3d8a45f87010a802aa214bf39702ca9d99cbf3ba
- https://git.kernel.org/stable/c/55edbf5dbf60a8195c21e92124c4028939ae16b2
- https://git.kernel.org/stable/c/7ccf3b35274512b60ecb614e0637e76bd6f2d829
- https://git.kernel.org/stable/c/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e
- https://git.kernel.org/stable/c/8bb29629a5e4090e1ef7199cb42db04a52802239
- https://git.kernel.org/stable/c/c802a6a4009f585111f903e810b3be9c6d0da329
- https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454
- https://git.kernel.org/stable/c/ec34cdf4f917cc6abd306cf091f8b8361fedac88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3