PT-2026-2884 · Linux+2 · Linux Kernel+2

Published

2025-01-01

·

Updated

2026-05-11

·

CVE-2025-71123

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.54-syzkaller-00144-g5f0270f1ba00
Description The Linux kernel contains an issue in the ext4 filesystem related to string handling within the parse apply sb mount options() function. The strscpy pad() function is improperly used when copying strings, potentially leading to a buffer overflow when handling non-null-terminated strings. This can result in a warning message: 'strnlen: detected buffer overflow'. The issue was discovered by the Linux Verification Center using Syzkaller. The s mount opts field, expected to be at most 63 characters long and null-terminated, is vulnerable due to incorrect buffer sizing.
Recommendations Update to Linux kernel version 6.12.54-syzkaller-00144-g5f0270f1ba00 or a later version to address this issue.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

CWE-120

Related Identifiers

BDU:2026-03138
CVE-2025-71123
ECHO-CFA0-8CA7-0B14
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20287-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0473-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8177-1
USN-8177-2
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8183-1
USN-8183-2
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8245-1
USN-8257-1
USN-8258-1
USN-8260-1
USN-8265-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu