{"id":"CVE-2025-68251","summary":"erofs: avoid infinite loops due to corrupted subpage compact indexes","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: avoid infinite loops due to corrupted subpage compact indexes\n\nRobert reported an infinite loop observed by two crafted images.\n\nThe root cause is that `clusterofs` can be larger than `lclustersize`\nfor !NONHEAD `lclusters` in corrupted subpage compact indexes, e.g.:\n\n  blocksize = lclustersize = 512   lcn = 6   clusterofs = 515\n\nMove the corresponding check for full compress indexes to\n`z_erofs_load_lcluster_from_disk()` to also cover subpage compact\ncompress indexes.\n\nIt also fixes the position of `m-\u003etype \u003e= Z_EROFS_LCLUSTER_TYPE_MAX`\ncheck, since it should be placed right after\n`z_erofs_load_{compact,full}_lcluster()`.","modified":"2026-03-20T12:46:19.727435Z","published":"2025-12-16T14:32:17.979Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68251.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/8675447a8794983f2b7e694b378112772c17635e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e13d315ae077bb7c3c6027cc292401bc0f4ec683"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68251.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68251"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8d2517aaeea3ab8651bb517bca8f3c8664d318ea"},{"fixed":"8675447a8794983f2b7e694b378112772c17635e"},{"fixed":"e13d315ae077bb7c3c6027cc292401bc0f4ec683"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"3f691aa676f29586e83e6c032713554a290418c3"},{"last_affected":"22438a34d383ec2789eaf450728e38abc53051f8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68251.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.8.0"},{"fixed":"6.17.6"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68251.json"}}],"schema_version":"1.7.5"}