CVE-2025-70099
Description
lwext4 1.0.0 suffers from a NULL pointer dereference in ext4_dir_en_get_name_len, allowing DoS via crafted EXT4 filesystem images.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
lwext4 1.0.0 suffers from a NULL pointer dereference in ext4_dir_en_get_name_len, allowing DoS via crafted EXT4 filesystem images.
Vulnerability
A NULL pointer dereference exists in the ext4_dir_en_get_name_len function within include/ext4_dir.h in lwext4 version 1.0.0. This vulnerability occurs when processing a specially crafted EXT4 filesystem image containing malformed directory entries. The code fails to validate the directory entry pointer before accessing the name_len field, leading to a segmentation fault during directory iteration [1].
Exploitation
An attacker can trigger this vulnerability by supplying a crafted EXT4 filesystem image with malformed directory entries to a system using lwext4. The vulnerability is triggered during directory iteration when the ext4_dir_entry_next function calls ext4_dir_en_get_name_len with an invalid or NULL directory entry pointer, which is then dereferenced [1].
Impact
Successful exploitation of this vulnerability results in a denial of service (DoS) due to a segmentation fault. The application or system attempting to read the malformed filesystem image will crash, rendering the filesystem inaccessible [1].
Mitigation
There is currently no publicly disclosed patch or fixed version for this vulnerability. Users are advised to avoid processing untrusted EXT4 filesystem images. Further information or mitigation steps may be available in the provided references [1].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"A NULL pointer dereference occurs in ext4_dir_en_get_name_len when processing malformed directory entries."
Attack vector
An attacker can cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries [ref_id=1]. During directory iteration, the code in `ext4_dir_en_get_name_len` may fail to validate the directory entry pointer before accessing the `name_len` field, leading to a segmentation fault [ref_id=1]. This vulnerability is triggered when the directory entry pointer (`en`) becomes NULL or invalid, but the code proceeds to access `en->name_len` [ref_id=1].
Affected code
The vulnerability resides in the `ext4_dir_en_get_name_len` function located in `include/ext4_dir.h` [ref_id=1]. This inline helper function is utilized by `ext4_dir_entry_next` during directory iteration [ref_id=1]. The issue arises when the directory entry pointer (`en`) is NULL or invalid, yet the code attempts to dereference it to access `en->name_len` [ref_id=1].
What the fix does
The patch is not available in the provided bundle. The advisory indicates that the vulnerability can be mitigated by ensuring that the directory entry pointer is validated before accessing its members, specifically the `name_len` field, within the `ext4_dir_en_get_name_len` function [ref_id=1]. This would prevent the NULL pointer dereference.
Preconditions
- inputA specially crafted EXT4 filesystem image with malformed directory entries.
Reproduction
Steps to reproduce the behavior: ./afl_ext4_mount_read ./sig11_2_1_lwext4_ext4_dir_h_126 [ref_id=1]
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.