Get a Demo

Let's Patch It!

Book a short call with one our specialists, we'll walk you through how Endor Patches work, and ask you a few questions about your environment (like your primary programming languages and repository management). We'll also send you an email right after you fill out the form, feel free to reply with any questions you have in advance!

CVE

DEBIAN-CVE-2025-71123

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parse_apply_sb_mount_options() strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-te...
Back to all
CVE

DEBIAN-CVE-2025-71123

In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parse_apply_sb_mount_options() strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-te...

In the Linux kernel, the following vulnerability has been resolved:  ext4: fix string copying in parseapplysbmountoptions()  strscpypad() can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size.  Commit 0efc5990bca5 ("string.h: Introduce memtostr() and memtostrpad()") provides additional information in that regard.  So if this happens, the following warning is observed:  strnlen: detected buffer overflow: 65 byte read of buffer size 64 WARNING: CPU: 0 PID: 28655 at lib/stringhelpers.c:1032 fortifyreport+0x96/0xc0 lib/stringhelpers.c:1032 Modules linked in: CPU: 0 UID: 0 PID: 28655 Comm: syz-executor.3 Not tainted 6.12.54-syzkaller-00144-g5f0270f1ba00 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:fortifyreport+0x96/0xc0 lib/stringhelpers.c:1032 Call Trace:  <TASK>  fortifypanic+0x1f/0x30 lib/stringhelpers.c:1039  strnlen include/linux/fortify-string.h:235 [inline]  sizedstrscpy include/linux/fortify-string.h:309 [inline]  parseapplysbmountoptions fs/ext4/super.c:2504 [inline]  ext4fillsuper fs/ext4/super.c:5261 [inline]  ext4fillsuper+0x3c35/0xad00 fs/ext4/super.c:5706  gettreebdevflags+0x387/0x620 fs/super.c:1636  vfsgettree+0x93/0x380 fs/super.c:1814  donewmount fs/namespace.c:3553 [inline]  pathmount+0x6ae/0x1f70 fs/namespace.c:3880  domount fs/namespace.c:3893 [inline]  dosysmount fs/namespace.c:4103 [inline]  sesysmount fs/namespace.c:4080 [inline]  x64sysmount+0x280/0x300 fs/namespace.c:4080  dosyscallx64 arch/x86/entry/common.c:52 [inline]  dosyscall64+0x64/0x140 arch/x86/entry/common.c:83  entrySYSCALL64afterhwframe+0x76/0x7e  Since userspace is expected to provide smountopts field to be at most 63 characters long with the ending byte being NUL-term, use a 64-byte buffer which matches the size of smountopts, so that strscpypad() does its job properly.  Return with error if the user still managed to provide a non-NUL-term string here.  Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Package Versions Affected

Package Version
patch Availability
No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request

CVSS Version

Severity
Base Score
CVSS Version
Score Vector
C
H
U
-
C
H
U
0
-
3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
C
H
U
-

Related Resources

No items found.

References

https://security-tracker.debian.org/tracker/CVE-2025-71123

Severity

7.8

CVSS Score
0
10

Basic Information

Ecosystem
Base CVSS
7.8
EPSS Probability
0%
EPSS Percentile
0%
Introduced Version
0
Fix Available
5.10.249-1,6.1.162-1,6.12.69-1,6.18.3-1,6.1.162-1~deb11u1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.
Fix Without Upgrading