openSUSE · openSUSE Tumbleweed · CVE-2026-46078
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1
**Description**
An issue exists in the EROFS (Enhanced Read-Only File System) implementation in the handling of out-of-bounds `nameoff` values for trailing directory entries. Boundary checks for `nameoff` are present, but trailing entries are processed using `strnlen()` with unchecked `nameoff` values. A specially crafted EROFS image containing a trailing directory entry with a `nameoff` greater than or equal to `maxsize` can cause an underflow in the calculation of `maxsize - nameoff`, leading `strnlen()` to read beyond the directory block. Additionally, `nameoff0` must be verified to be a multiple of `sizeof(struct erofs_dirent)`.
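The two checks described above, shown in a user-space model of a directory block parser. This is an added example, not the kernel's code or the upstream fix. `struct dirent_model`, `get_nameoff()` and `trailing_name_len()` are hypothetical names, and the 12-byte packed layout in host byte order is an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of an on-disk directory entry (assumed layout). */
struct dirent_model {
    uint64_t nid;
    uint16_t nameoff;            /* name offset from the start of the block */
    uint8_t  file_type, reserved;
} __attribute__((packed));

/* Copy entry i out of the block and return its nameoff. */
static uint16_t get_nameoff(const uint8_t *blk, size_t i)
{
    struct dirent_model de;
    memcpy(&de, blk + i * sizeof(de), sizeof(de));
    return de.nameoff;
}

/* Returns the trailing entry's name length, or -1 for a malformed block. */
long trailing_name_len(const uint8_t *blk, size_t maxsize)
{
    const size_t esz = sizeof(struct dirent_model);
    if (maxsize < esz)
        return -1;
    uint16_t nameoff0 = get_nameoff(blk, 0);
    /* nameoff0 ends the entry array: at least one entry, a multiple of the
     * entry size, and inside the block so reading the last entry is safe. */
    if (nameoff0 < esz || nameoff0 % esz != 0 || nameoff0 >= maxsize)
        return -1;
    uint16_t last = get_nameoff(blk, nameoff0 / esz - 1);
    /* Without this check, maxsize - last wraps to a huge value when
     * last >= maxsize and the scan below runs past the block. */
    if (last >= maxsize)
        return -1;
    /* Bounded scan, same result as strnlen(blk + last, maxsize - last). */
    const uint8_t *nul = memchr(blk + last, 0, maxsize - last);
    return nul ? (long)(nul - (blk + last)) : (long)(maxsize - last);
}

int main(void)
{
    uint8_t blk[64] = {0};       /* constructed sample block, two entries */
    struct dirent_model de[2] = {{1, 24, 0, 0}, {2, 27, 0, 0}};
    memcpy(blk, de, sizeof(de));
    memcpy(blk + 24, "abchello", 8);
    printf("valid block: %ld\n", trailing_name_len(blk, sizeof(blk)));
    de[1].nameoff = 200;         /* trailing nameoff >= maxsize */
    memcpy(blk, de, sizeof(de));
    printf("crafted block: %ld\n", trailing_name_len(blk, sizeof(blk)));
    return 0;
}
```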
**Recommendations**
Update to a version of the Linux kernel where the EROFS out-of-bounds nameoff handling is resolved.
Update openSUSE Tumbleweed to kernel-devel-7.0.11-1.1.