VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2025-68361

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: limit the level of fs stacking for file-backed mounts

Otherwise, it could cause potential kernel stack overflow (e.g., EROFS mounting itself).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel vulnerability in EROFS file-backed mounts could allow a local attacker to cause a kernel stack overflow via excessive filesystem stacking.

Vulnerability: CVE-2025-68361

Root Cause

The vulnerability resides in the EROFS (Enhanced Read-Only File System) implementation within the Linux kernel. When using file-backed mounts, the kernel did not enforce a limit on the depth of filesystem stacking. This oversight means that a user could potentially mount an EROFS image from a file that itself resides on another EROFS mount, creating a recursive or deeply nested chain. Such unbounded stacking can exhaust the kernel's stack space, leading to a stack overflow [1].

Exploitation

To exploit this issue, an attacker would need local access to the system and the ability to mount filesystems. The attack surface is the mount operation itself: by crafting a scenario where an EROFS file-backed mount points to another EROFS file, and so on, the attacker can trigger deep recursion in the kernel's mount handling code. No special privileges beyond the ability to mount (often requiring root or appropriate capabilities) are strictly necessary, but the attack is local and requires user interaction to initiate the mount sequence [1].

Impact

A successful exploit results in a kernel stack overflow, which typically manifests as a kernel panic (system crash) or potentially as a denial of service. In some cases, stack corruption might be leveraged for privilege escalation, though the primary documented impact is system instability and crash [1].

Mitigation

The fix, introduced in the commit referenced in the advisory, adds a limit on the level of filesystem stacking for EROFS file-backed mounts, preventing the unbounded recursion. Users are advised to apply the kernel patch from the stable kernel branch containing this commit. No workaround is mentioned; the only mitigation is to update the kernel [1].
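The Mitigation section says the fix bounds the stacking level but does not show the mechanism. The kernel already has a convention for this in its stacking filesystems: each superblock records its depth in `s_stack_depth`, and a mount that would exceed `FILESYSTEM_MAX_STACK_DEPTH` (defined in include/linux/fs.h) is refused. The following is an added user-space model written for this page, not the kernel's code and not the referenced commit; it assumes the EROFS fix follows that same convention and uses a constructed stand-in for `struct super_block`. It contrasts the unchecked behaviour (every self-referential layer is accepted, so nothing stops the chain that leads to the stack overflow) with the bounded one.

```c
#include <stdio.h>
#include <stdbool.h>
#include <errno.h>

/* Mirrors the kernel's FILESYSTEM_MAX_STACK_DEPTH (include/linux/fs.h),
 * which caps how many filesystems may be layered on top of one another. */
#define FILESYSTEM_MAX_STACK_DEPTH 2

/* Minimal stand-in for struct super_block, constructed for this example:
 * only the stacking-depth field the check needs, plus a name for output. */
struct super_block {
    const char *name;
    int s_stack_depth;
};

/* Model of a file-backed mount. The new superblock sits one level above
 * the superblock that holds the backing image file. When 'enforce' is set
 * the mount is refused once the depth limit would be exceeded; when it is
 * clear, the depth is recorded but never checked (the pre-fix behaviour
 * the advisory describes). Returns 0 on success or -EINVAL on refusal. */
int mount_file_backed(struct super_block *sb, const char *name,
                      const struct super_block *backing_sb, bool enforce)
{
    sb->name = name;
    sb->s_stack_depth = backing_sb->s_stack_depth + 1;
    if (enforce && sb->s_stack_depth > FILESYSTEM_MAX_STACK_DEPTH) {
        fprintf(stderr, "%s: maximum fs stacking depth exceeded (depth %d)\n",
                name, sb->s_stack_depth);
        return -EINVAL;
    }
    return 0;
}

/* Simulate an image that lives on the filesystem it was just mounted from,
 * repeated 'levels' times (capped at 5 for the fixed-size arrays).
 * Returns the number of mounts that were accepted. */
int nest_mounts(int levels, bool enforce)
{
    static const char *names[] = { "erofs-1", "erofs-2", "erofs-3",
                                   "erofs-4", "erofs-5" };
    struct super_block base = { "ext4-root", 0 };   /* block-backed fs: depth 0 */
    struct super_block layers[5];
    const struct super_block *below = &base;
    int mounted = 0;

    if (levels > 5)
        levels = 5;
    for (int i = 0; i < levels; i++) {
        if (mount_file_backed(&layers[i], names[i], below, enforce) != 0)
            break;
        below = &layers[i];
        mounted++;
    }
    return mounted;
}

int main(void)
{
    printf("unchecked: %d of 5 nested mounts accepted\n", nest_mounts(5, false));
    printf("bounded:   %d of 5 nested mounts accepted\n", nest_mounts(5, true));
    return 0;
}
```

With the limit of 2, the third file-backed layer is the first one whose depth exceeds `FILESYSTEM_MAX_STACK_DEPTH`, so the bounded run accepts two mounts and refuses the rest, while the unchecked run accepts all five. The point of recording the depth on the superblock rather than counting at mount time is that the check stays correct no matter which filesystem sits underneath: a file-backed EROFS image on top of an overlayfs layer inherits that layer's depth too.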

References

[1] Linux kernel stable kernel commit: 620472e6b303c4dbcc7ecf1aba1cda4f3523e4a4

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 4

News mentions: 0 (no linked articles in our index yet)