PT-2025-20509 · Linux+6 · Linux Kernel+6
Published: 2025-02-20
Updated: 2026-04-20
CVE-2025-37858
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to an integer overflow in the allocation group (AG) size calculation in the JFS filesystem. This occurs when the `l2agsize` value exceeds 31, causing undefined behavior and improper AG sizing on 32-bit systems. The problem can lead to filesystem corruption, kernel crashes, and security vulnerabilities due to malformed on-disk structures. The estimated number of potentially affected devices is not provided.
Recommendations
To resolve the issue, apply the fix by casting to `s64` before shifting, ensuring 64-bit arithmetic even on 32-bit architectures. This can be achieved by updating the code to `bmp->db_agsize = (s64)1 << l2agsize;`. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Integer Overflow
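The cast described under Recommendations, as an added C example that is not taken from the kernel source or from this advisory. `agsize_fixed` applies the `(s64)1 << l2agsize` form; `agsize_low32`, `agsize_overflows_int32`, the 0..62 range check and the sample values are assumptions of this example, used to show in defined behaviour what a 32-bit result can and cannot hold.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t s64;   /* stand-in for the kernel's s64 type */

/* Fixed form from the advisory: widen to 64 bits before shifting.
 * Returns -1 for shift counts that do not yield a positive s64
 * (this range check is an assumption of the example, not from the page). */
static s64 agsize_fixed(int l2agsize)
{
    if (l2agsize < 0 || l2agsize > 62)
        return -1;
    return (s64)1 << l2agsize;
}

/* Defined-behaviour model of a 32-bit result: the true value reduced to its
 * low 32 bits. The plain `1 << l2agsize` on a 32-bit int is undefined once
 * the result no longer fits, so it is deliberately not executed here. */
static uint32_t agsize_low32(int l2agsize)
{
    s64 v = agsize_fixed(l2agsize);
    return v < 0 ? 0 : (uint32_t)((uint64_t)v & 0xffffffffu);
}

/* Returns 1 if the AG size is not representable in a 32-bit signed int. */
static int agsize_overflows_int32(int l2agsize)
{
    s64 v = agsize_fixed(l2agsize);
    return v < 0 || v > INT32_MAX;
}

int main(void)
{
    static const int samples[] = { 25, 30, 31, 32, 40 }; /* constructed inputs */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int l2 = samples[i];
        printf("l2agsize=%2d  64-bit=%lld  low32=%u  overflows_int32=%d\n",
               l2, (long long)agsize_fixed(l2),
               (unsigned)agsize_low32(l2), agsize_overflows_int32(l2));
    }
    return 0;
}
```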
Related Identifiers
Affected Products
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu