{"id":"CVE-2025-38710","summary":"gfs2: Validate i_depth for exhash directories","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Validate i_depth for exhash directories\n\nA fuzzer test introduced corruption that ends up with a depth of 0 in\ndir_e_read(), causing an undefined shift by 32 at:\n\n  index = hash \u003e\u003e (32 - dip-\u003ei_depth);\n\nAs calculated in an open-coded way in dir_make_exhash(), the minimum\ndepth for an exhash directory is ilog2(sdp-\u003esd_hash_ptrs) and 0 is\ninvalid as sdp-\u003esd_hash_ptrs is fixed as sdp-\u003ebsize / 16 at mount time.\n\nSo we can avoid the undefined behaviour by checking for depth values\nlower than the minimum in gfs2_dinode_in(). Values greater than the\nmaximum are already being checked for there.\n\nAlso switch the calculation in dir_make_exhash() to use ilog2() to\nclarify how the depth is calculated.\n\nTested with the syzkaller repro.c and xfstests '-g quick'.","modified":"2026-04-02T12:48:05.624592Z","published":"2025-09-04T15:33:00.629Z","related":["SUSE-SU-2025:03601-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3725-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38710.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/53a0249d68a210c16e961b83adfa82f94ee0a53d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/557c024ca7250bb65ae60f16c02074106c2f197b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9680c58675b82348ab84d387e4fa727f7587e1a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b5f46951e62377b6e406fadc18bc3c5bdf1632a7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38710.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38710"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9a0045088d888c9c539c8c626a366cb52c0fbdab"},{"fixed":"53a0249d68a210c16e961b83adfa82f94ee0a53d"},{"fixed":"b5f46951e62377b6e406fadc18bc3c5bdf1632a7"},{"fixed":"9680c58675b82348ab84d387e4fa727f7587e1a0"},{"fixed":"557c024ca7250bb65ae60f16c02074106c2f197b"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38710.json"}}],"schema_version":"1.7.5"}