Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-71123— ext4: fix string copying in parse_apply_sb_mount_options()

EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-71123

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ext4: fix string copying in parse_apply_sb_mount_options()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ext4: fix string copying in parse_apply_sb_mount_options() strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-term string of possibly bigger size. Commit 0efc5990bca5 ("string.h: Introduce memtostr() and memtostr_pad()") provides additional information in that regard. So if this happens, the following warning is observed: strnlen: detected buffer overflow: 65 byte read of buffer size 64 WARNING: CPU: 0 PID: 28655 at lib/string_helpers.c:1032 __fortify_report+0x96/0xc0 lib/string_helpers.c:1032 Modules linked in: CPU: 0 UID: 0 PID: 28655 Comm: syz-executor.3 Not tainted 6.12.54-syzkaller-00144-g5f0270f1ba00 #0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:__fortify_report+0x96/0xc0 lib/string_helpers.c:1032 Call Trace: <TASK> __fortify_panic+0x1f/0x30 lib/string_helpers.c:1039 strnlen include/linux/fortify-string.h:235 [inline] sized_strscpy include/linux/fortify-string.h:309 [inline] parse_apply_sb_mount_options fs/ext4/super.c:2504 [inline] __ext4_fill_super fs/ext4/super.c:5261 [inline] ext4_fill_super+0x3c35/0xad00 fs/ext4/super.c:5706 get_tree_bdev_flags+0x387/0x620 fs/super.c:1636 vfs_get_tree+0x93/0x380 fs/super.c:1814 do_new_mount fs/namespace.c:3553 [inline] path_mount+0x6ae/0x1f70 fs/namespace.c:3880 do_mount fs/namespace.c:3893 [inline] __do_sys_mount fs/namespace.c:4103 [inline] __se_sys_mount fs/namespace.c:4080 [inline] __x64_sys_mount+0x280/0x300 fs/namespace.c:4080 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x64/0x140 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e Since userspace is expected to provide s_mount_opts field to be at most 63 characters long with the ending byte being NUL-term, use a 64-byte buffer which matches the size of s_mount_opts, so that strscpy_pad() does its job properly. Return with error if the user still managed to provide a non-NUL-term string here. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于字符串复制函数使用不当,可能导致缓冲区溢出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux b2bac84fde28fb6a88817b8b761abda17a1d300b ~ 52ac96c4a2dd7bc47666000440b0602d9742e820 -
LinuxLinux 6.18 -

II. Public POCs for CVE-2025-71123

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-71123

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-01-14 · 43 CVEs total

CVE-2025-71112net: hns3: add VLAN id validation before using
CVE-2025-71122iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
CVE-2025-71108usb: typec: ucsi: Handle incorrect num_connectors capability
CVE-2025-71110mm/slub: reset KASAN tag in defer_free() before accessing freed memory
CVE-2025-71109MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
CVE-2025-71105f2fs: use global inline_xattr_slab instead of per-sb slab cache
CVE-2025-71104KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
CVE-2025-71103drm/msm: adreno: fix deferencing ifpc_reglist when not declared
CVE-2025-71102scs: fix a wrong parameter in __scs_magic
CVE-2025-71106fs: PM: Fix reverse check in filesystems_freeze_callback()
CVE-2025-71111hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
CVE-2025-71113crypto: af_alg - zero initialize memory allocated via sock_kmalloc
CVE-2025-71114via_wdt: fix critical boot hang due to unnamed resource allocation
CVE-2025-71115um: init cpu_tasks[] earlier
CVE-2025-71116libceph: make decode_pool() more resilient against corrupted osdmaps
CVE-2025-71117block: Remove queue freezing from several sysfs store callbacks
CVE-2025-71118ACPICA: Avoid walking the Namespace if start_node is NULL
CVE-2025-71120SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
CVE-2025-71119powerpc/kexec: Enable SMT before waking offline CPUs
CVE-2025-71121parisc: Do not reprogram affinitiy on ASP chip

Showing top 20 of 43 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-71123

Anonymous User
2026-01-15 06:08:15

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

Leave a comment