CVE Catalog

CVE-2025-39795

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the blk_stack_limits() function in the block layer, where the chunk_sectors check could cause an unsigned integer overflow when converting to bytes. The fix changes the check to be sector-based.

Risk Assessment

The overflow could lead to incorrect block stack behavior, potentially causing system crashes or instability of block devices.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit in stable branch). Monitor official security advisories from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is a multiple of the t->physical_block_size value. However, by finding the chunk_sectors value in bytes, we may overflow the unsigned int which holds chunk_sectors, so change the check to be based on sectors.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS