CVE-2025-68251

UNKNOWN 0.0

erofs: avoid infinite loops due to corrupted subpage compact indexes

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that `clusterofs` can be larger than `lclustersize` for !NONHEAD `lclusters` in corrupted subpage compact indexes, e.g.: blocksize = lclustersize = 512 lcn = 6 clusterofs = 515 Move the corresponding check for full compress indexes to `z_erofs_load_lcluster_from_disk()` to also cover subpage compact compress indexes. It also fixes the position of `m->type >= Z_EROFS_LCLUSTER_TYPE_MAX` check, since it should be placed right after `z_erofs_load_{compact,full}_lcluster()`.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Dec 16, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

8d2517aaeea3ab8651bb517bca8f3c8664d318ea < 8675447a8794983f2b7e694b378112772c17635e 8d2517aaeea3ab8651bb517bca8f3c8664d318ea < e13d315ae077bb7c3c6027cc292401bc0f4ec683 3f691aa676f29586e83e6c032713554a290418c3 22438a34d383ec2789eaf450728e38abc53051f8

Linux / Linux

6.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/8675447a8794983f2b7e694b378112772c17635e git.kernel.org: https://git.kernel.org/stable/c/e13d315ae077bb7c3c6027cc292401bc0f4ec683