Impact
The flaw occurs in the nilfs_sb_is_valid() routine of NILFS utilities when it fails to verify the s_log_block_size field of a NILFS2 superblock before shifting its value. This oversight triggers undefined behavior, letting an attacker supply a crafted NILFS2 image that causes oversized bit-shifts or out-of-memory conditions. The resulting crashes affect tools such as nilfs-tune and dumpseg, rendering them unresponsive and preventing further filesystem operations. The vulnerability preserves confidentiality and integrity but compromises availability, effectively enabling a denial‑of‑service attack against affected systems that run the vulnerable utilities.
Affected Systems
The issue impacts nilfs-dev nilfs-utils versions up to and including 2.3.0. Any system that installs the vulnerable release and processes user‑supplied NILFS2 images is susceptible. Upgrade to the fixed state – released in commit 26efb5d – eliminates the problem.
Risk and Exploitability
With a CVSS score of 6.7 the vulnerability is of moderate severity. No EPSS score is reported and the flaw is not listed in the CISA KEV catalog, indicating a comparatively lower profile. Attackers would need to provide a malicious NILFS2 image that the utilities ingest; the vector is therefore inferred to be local or via an untrusted image supply path. Successful exploitation leads to tool crashes, denying service to administrators or applications that rely on these utilities.
OpenCVE Enrichment