Impact
The problem lies in the OCFS2 filesystem driver inside the Linux kernel. When an attacker supplies a crafted group descriptor through the OCFS2_IOC_GROUP_ADD ioctl, the driver attempts to cache this descriptor without first validating its on‑disk representation. The subsequent BUG_ON in ocfs2_set_new_buffer_uptodate triggers a kernel panic. The effect is a system crash and loss of availability, with no privilege escalation beyond the rights needed to invoke the ioctl. This is a classic denial‑of‑service flaw classified as CWE‑179.
Affected Systems
Any Linux kernel that packages the OCFS2 filesystem and has not yet applied the commit that inserts validation before caching. Mainstream distributions shipping the stock kernel with OCFS2 support are affected, as no specific kernel versions are enumerated in the advisory.
Risk and Exploitability
Based on the description, attackers would need to invoke the OCFS2_IOC_GROUP_ADD ioctl, which typically requires access to the OCFS2 device and thus local or privileged credentials. The CVE does not describe any network‑based trigger, so no clear external network entry point is identified. Once the ioctl is executed, the kernel immediately panics with no recovery path, resulting in a complete system crash. The EPSS score is less than 1 % and the vulnerability is not listed in the CISA KEV catalog, implying a very low likelihood of exploitation. Thus the risk hinges on the presence of the OCFS2 driver and the attacker’s ability to invoke the ioctl.
OpenCVE Enrichment
Debian DLA