CVE-2025-70099 - Vulnerability Details

Description

A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).

Published: 2026-06-01

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. The code may fail to validate the directory entry pointer before accessing the name_len field, leading to a segmentation fault. The underlying weakness is a null pointer dereference, classified as CWE-476.

Affected Systems

lwext4 1.0.0, the 2016-era codebase used in many embedded and Linux-based systems that implement EXT4 filesystem image handling. No other versions are known to be affected at this time.

Risk and Exploitability

The flaw results in a denial of service but does not provide remote code execution. The CVSS score of 7.5 indicates high severity, and the EPSS score is < 1%. The vulnerability is not listed in the CISA KEV catalog. Likely attack vectors involve supplying a malicious EXT4 image to a system component that parses or mounts it, causing the application to crash. Given the lack of publicly known exploits and the severity of the denial of service, the risk is high for systems that load untrusted EXT4 images but otherwise moderate in the absence of exploitation evidence.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Gkostka

Lwext4

85%

Version	Status	Scheme	Platform
`1.0.0`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade lwext4 to a version that addresses the null pointer dereference
Avoid mounting or processing untrusted EXT4 filesystem images until a patched version is available
Implement filesystem entry validation or sanity checks around directory entry pointers to prevent dereferencing null values

Generated by OpenCVE AI on June 2, 2026 at 17:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00339.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/gkostka/lwext4/issues/89
https://github.com/sigdevel/pocs/blob/main/res/lwext4/1/sig11_2_1_lwext4_ext4_dir_h_126
https://infosec.exchange/@sigdevel/116668939725424227

History

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gkostka Gkostka lwext4
Vendors & Products		Gkostka Gkostka lwext4

Tue, 02 Jun 2026 18:15:00 +0000

Type	Values Removed	Values Added
Title	NULL Pointer Dereference in lwext4 Causing Denial of Service on Malformed EXT4 Filesystem Images

Tue, 02 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 21:45:00 +0000

Type	Values Removed	Values Added
Title		NULL Pointer Dereference in lwext4 Causing Denial of Service on Malformed EXT4 Filesystem Images
Weaknesses		CWE-476

Mon, 01 Jun 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description		A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).
References		https://github.com/gkostka/lwext4/issues/89 https://github.com/sigdevel/pocs/blob/main/res/lwext4/1/sig11_2_1_lwext4_ext4_dir_h_126 https://infosec.exchange/@sigdevel/116668939725424227

Subscriptions

Gkostka Lwext4

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-06-01T00:00:00.000Z

Updated: 2026-06-02T15:20:25.038Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-70099

Vulnrichment

Updated: 2026-06-02T15:20:18.622Z

NVD

Status : Deferred

Published: 2026-06-01T21:16:24.187

Modified: 2026-06-02T16:16:30.917

Link: CVE-2025-70099

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:55:13Z

Weaknesses

CWE-476
NULL Pointer Dereference

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object