Impact
A flaw in the Linux kernel’s OCFS2 implementation allows an out-of-bounds bitmap walk when the OCFS2_IOC_INFO ioctl is used with the non‑coherent flag. The kernel uses an on‑disk bg_bits value as a bitmap limit without validating it, causing a use‑after‑free (CWE-1285) that can trigger a kernel crash as seen in the KASAN trace. The vulnerability manifests as a denial‑of‑service condition rather than active code execution.
Affected Systems
All Linux kernel releases that ship OCFS2 support and have not applied the validation patch. Any system that mounts an OCFS2 file system—such as servers or high‑availability clusters—might be affected.
Risk and Exploitability
The CVSS score of 7.1 reflects high severity, while the EPSS score of less than 1% indicates a low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The attack vector, as inferred from the description, requires an attacker to craft a malicious OCFS2 file system with an impossible bg_bits value and trigger the non‑coherent ioctl path, which implies local or filesystem‑level access. Successful exploitation would result in a system crash, causing a denial‑of‑service rather than privilege escalation.
OpenCVE Enrichment
Debian DLA