Main Vulnerability Database SB20251230278

SB20251230278 - Integer overflow in Linux kernel iomap

Published: December 30, 2025 Updated: December 30, 2025

Security Bulletin ID SB20251230278

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2023-54285)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the iomap_write_delalloc_scan() function in fs/iomap/buffered-io.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/5c281b0c5d18c8eeb1cfd5023f4adb153e6d1240
https://git.kernel.org/stable/c/eee2d2e6ea5550118170dbd5bb1316ceb38455fb
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6