Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

A flaw exists in the Linux kernel related to the validation of `i depth` for exhash directories within the gfs2 filesystem. A fuzzer test revealed corruption leading to a depth of 0 in `dir e read()`, causing an undefined shift operation. The minimum depth for an exhash directory is determined by `ilog2(sdp->sd hash ptrs)`, and a depth of 0 is invalid. The issue arises from an undefined shift by 32 at `index = hash >> (32 - dip->i depth)`. The calculation in `dir make exhash()` has been modified to use `ilog2()` for clarity.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.