SB20250509147 - Input validation error in Linux kernel jbd2

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2025-37839)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the jbd2_journal_update_sb_log_tail() function in fs/jbd2/journal.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/3b4643ffaf72d7a5a357e9bf68b1775f8cfe7e77
• https://git.kernel.org/stable/c/9eaec071f111cd2124ce9a5b93536d3f6837d457
• https://git.kernel.org/stable/c/ad926f735b4d4f10768fec7d080cadeb6d075cac
• https://git.kernel.org/stable/c/b0cca357f85beb6144ab60c62dcc98508cc044bf
• https://git.kernel.org/stable/c/b479839525fe7906966cdc4b5b2afbca048558a1
• https://git.kernel.org/stable/c/c88f7328bb0fff66520fc9164f02b1d06e083c1b
• https://git.kernel.org/stable/c/c98eb9ffb1d9c98237b5e1668eee17654e129fb0
• https://git.kernel.org/stable/c/cf30432f5b3064ff85d85639c2f0106f89c566f6
• https://git.kernel.org/stable/c/e6eff39dd0fe4190c6146069cc16d160e71d1148
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.237
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.181
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.293
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.135
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.88