CVE-2025-22079
Oracle FS2 Integer Underflow Vulnerability
Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1].
INFO
Published Date :
April 16, 2025, 3:16 p.m.
Last Modified :
April 17, 2025, 8:22 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
Public PoC/Exploit Available at Github
CVE-2025-22079 has a 1 public PoC/Exploit available at Github.
Go to the Public Exploits tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-22079.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
DSA and DLA for Debian last 14 days
Python
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-22079 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2025-22079 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Apr. 16, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate l_tree_depth to avoid out-of-bounds access The l_tree_depth field is 16-bit (__le16), but the actual maximum depth is limited to OCFS2_MAX_PATH_DEPTH. Add a check to prevent out-of-bounds access if l_tree_depth has an invalid value, which may occur when reading from a corrupted mounted disk [1]. Added Reference https://git.kernel.org/stable/c/11e24802e73362aa2948ee16b8fb4e32635d5b2a Added Reference https://git.kernel.org/stable/c/17c99ab3db2ba74096d36c69daa6e784e98fc0b8 Added Reference https://git.kernel.org/stable/c/3d012ba4404a0bb517658699ba85e6abda386dc3 Added Reference https://git.kernel.org/stable/c/49d2a2ea9d30991bae82107f9523915b91637683 Added Reference https://git.kernel.org/stable/c/538ed8b049ef801a86c543433e5061a91cc106e3 Added Reference https://git.kernel.org/stable/c/a406aff8c05115119127c962cbbbbd202e1973ef Added Reference https://git.kernel.org/stable/c/b942f88fe7d2d789e51c5c30a675fa1c126f5a6d Added Reference https://git.kernel.org/stable/c/e95d97c9c8cd0c239b7b59c79be0f6a9dcf7905c Added Reference https://git.kernel.org/stable/c/ef34840bda333fe99bafbd2d73b70ceaaf9eba66
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-22079 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-22079
weaknesses.