Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-68251

In the Linux kernel, the following vulnerability has been resolved:

erofs: avoid infinite loops due to corrupted subpage compact indexes

Robert reported an infinite loop observed by two crafted images.

The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters in corrupted subpage compact indexes, e.g.:

blocksize = lclustersize = 512 lcn = 6 clusterofs = 515

Move the corresponding check for full compress indexes to z_erofs_load_lcluster_from_disk() to also cover subpage compact compress indexes.

It also fixes the position of m->type >= Z_EROFS_LCLUSTER_TYPE_MAX check, since it should be placed right after z_erofs_load_{compact,full}_lcluster().

Published: Dec 16, 2025
Updated: Dec 17, 2025
CVE: CVE-2025-68251
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo