CVE - CVE-2025-37858

CVE-ID
CVE-2025-37858	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), this 32-bit shift operation causes undefined behavior and improper AG sizing. On 32-bit architectures: - Left-shifting 1 by 32+ bits results in 0 due to integer overflow - This creates invalid AG sizes (0 or garbage values) in sbi->bmap->db_agsize - Subsequent block allocations would reference invalid AG structures - Could lead to: - Filesystem corruption during extend operations - Kernel crashes due to invalid memory accesses - Security vulnerabilities via malformed on-disk structures Fix by casting to s64 before shifting: bmp->db_agsize = (s64)1 << l2agsize; This ensures 64-bit arithmetic even on 32-bit architectures. The cast matches the data type of db_agsize (s64) and follows similar patterns in JFS block calculation code. Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a URL:https://git.kernel.org/stable/c/211ed8f5e39e61f9e4d18edd64ce8005a67a1b2a MISC:https://git.kernel.org/stable/c/3d8a45f87010a802aa214bf39702ca9d99cbf3ba URL:https://git.kernel.org/stable/c/3d8a45f87010a802aa214bf39702ca9d99cbf3ba MISC:https://git.kernel.org/stable/c/55edbf5dbf60a8195c21e92124c4028939ae16b2 URL:https://git.kernel.org/stable/c/55edbf5dbf60a8195c21e92124c4028939ae16b2 MISC:https://git.kernel.org/stable/c/7ccf3b35274512b60ecb614e0637e76bd6f2d829 URL:https://git.kernel.org/stable/c/7ccf3b35274512b60ecb614e0637e76bd6f2d829 MISC:https://git.kernel.org/stable/c/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e URL:https://git.kernel.org/stable/c/7fcbf789629cdb9fbf4e2172ce31136cfed11e5e MISC:https://git.kernel.org/stable/c/8bb29629a5e4090e1ef7199cb42db04a52802239 URL:https://git.kernel.org/stable/c/8bb29629a5e4090e1ef7199cb42db04a52802239 MISC:https://git.kernel.org/stable/c/c802a6a4009f585111f903e810b3be9c6d0da329 URL:https://git.kernel.org/stable/c/c802a6a4009f585111f903e810b3be9c6d0da329 MISC:https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454 URL:https://git.kernel.org/stable/c/dd07a985e2ded47b6c7d69fc93c1fe02977c8454 MISC:https://git.kernel.org/stable/c/ec34cdf4f917cc6abd306cf091f8b8361fedac88 URL:https://git.kernel.org/stable/c/ec34cdf4f917cc6abd306cf091f8b8361fedac88
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)