Impact
The omfs filesystem driver in the Linux kernel fails to reject superblock values below the directory start offset. When a malicious filesystem image specifies a superblock block‑size smaller than OMFS_DIR_START, the driver performs an unsigned underflow. The resulting large length argument to a memset call causes the kernel to write far beyond the intended buffer, overwriting arbitrary kernel memory. This overwrite could be leveraged to execute code with kernel privileges.
Affected Systems
All Linux kernel builds that still contain the omfs module and lack the lower‐bound check introduced by the patch. In particular, any system using the older omfs implementation before the commit that added the check is vulnerable. The problem resides in the omfs filesystem driver and applies to kernel kernels that expose omfs support for the operating system.
Risk and Exploitability
Because the vulnerability enables arbitrary kernel memory writes, its potential impact is high: an attacker could gain full control over the affected system. The CVSS score is 7.8, indicating high severity. No public exploits are currently listed, and the EPSS score of 0.0018 indicates a very low exploitation probability. The CVE is not in the CISA KEV catalog. Nevertheless, the severity of a successful attack would be catastrophic, and the lack of mitigation in older kernels places systems at elevated risk.
OpenCVE Enrichment
Debian DLA