{"schema_version":"1.7.2","id":"OESA-2025-2660","modified":"2025-11-14T12:38:44Z","published":"2025-11-14T12:38:44Z","upstream":["CVE-2025-38415"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an "UBSAN: shift-out-of-bounds in squashfs_bio_read" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl("/dev/loop0", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs.  When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk->devblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk->devblksize_log2 = ffz(~msblk->devblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk->devblksize is set to 0.\n\nAs a result, ffz(~msblk->devblksize) returns 64, and msblk->devblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type 'u64' (aka\n'unsigned long long')\n\nThis commit adds a check for a 0 return by sb_min_blocksize().(CVE-2025-38415)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.10.0-289.0.0.191.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["kernel-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-debuginfo-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-debugsource-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-devel-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-headers-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-source-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-tools-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-tools-debuginfo-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","kernel-tools-devel-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","perf-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","perf-debuginfo-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","python3-perf-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm","python3-perf-debuginfo-5.10.0-289.0.0.191.oe2203sp3.aarch64.rpm"],"src":["kernel-5.10.0-289.0.0.191.oe2203sp3.src.rpm"],"x86_64":["kernel-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-debuginfo-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-debugsource-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-devel-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-headers-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-source-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-tools-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-tools-debuginfo-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","kernel-tools-devel-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","perf-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","perf-debuginfo-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","python3-perf-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm","python3-perf-debuginfo-5.10.0-289.0.0.191.oe2203sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2660"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38415"}],"database_specific":{"severity":"Low"}}