VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 3, 2026

CVE-2025-70100

CVE-2025-70100

Description

lwext4 library versions prior to 1.0.0 are vulnerable to a divide-by-zero error when processing a malformed ext4 filesystem image, leading to a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

lwext4 library versions prior to 1.0.0 are vulnerable to a divide-by-zero error when processing a malformed ext4 filesystem image, leading to a denial of service.

Vulnerability

A divide-by-zero vulnerability exists in the ext4_block_set_lb_size function within src/ext4_blockdev.c of the lwext4 library. Versions prior to 1.0.0 are affected. The vulnerability occurs when a malformed ext4 filesystem image is processed, resulting in a zero logical block size (lb_size == 0) being passed to the ext4_block_set_lb_size function without proper validation. This function then uses lb_size in arithmetic operations, leading to a division-by-zero error [1].

Exploitation

An attacker can trigger this vulnerability by providing a crafted ext4 filesystem image to the lwext4 library. The vulnerability is triggered during the ext4_mount or image processing operations. The attacker needs to ensure that the malformed image causes the ext4_mount function to pass an invalid logical block size of zero to ext4_block_set_lb_size [1].

Impact

Successful exploitation of this vulnerability results in a denial of service. The division-by-zero operation can lead to a Floating-Point Exception (FPE) when running under sanitizers, or a runtime crash in standard builds. This effectively prevents the affected system or application from processing the filesystem image [1].

Mitigation

Not yet disclosed in the available references. The vulnerability affects lwext4 library version 1.0.0 and earlier. No patched version or workaround has been publicly disclosed at this time.

References
  1. [security] lwext4/src/ext4_blockdev.c FPE in ext4_block_set_lb_size

AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The ext4_block_set_lb_size function does not validate the logical block size before performing arithmetic, leading to a division-by-zero error."

Attack vector

An attacker can trigger this vulnerability by providing a malformed ext4 filesystem image. When the library attempts to mount or process this image, the `ext4_mount()` function may pass an invalid logical block size (lb_size == 0) to `ext4_block_set_lb_size()`. This results in a division-by-zero operation, causing a Floating-Point Exception (FPE) or a runtime crash [ref_id=1].

Affected code

The vulnerability resides in the `ext4_block_set_lb_size` function located in `src/ext4_blockdev.c`. Specifically, the issue occurs on line 127 where `lb_size` is used in a division without prior validation [ref_id=1]. The `ext4_mount` function in `src/ext4.c` is also involved as it may pass the invalid `lb_size` value [ref_id=1].

What the fix does

The patch is not provided in the bundle. However, the advisory indicates that the vulnerability can be fixed by adding validation for the `lb_size` parameter within the `ext4_block_set_lb_size` function before it is used in arithmetic operations. This prevents the division-by-zero error from occurring [ref_id=1].

Preconditions

  • inputA malformed ext4 filesystem image with a logical block size of zero.

Reproduction

Steps to reproduce the behavior: ./afl_ext4_mount_read ./sig8_2_lwext4_ext4_blockdev_c_127 Output: asan-build: AddressSanitizer:DEADLYSIGNAL ================================================================= ==1900824==ERROR: AddressSanitizer: FPE on unknown address 0x55f254cc29e9 (pc 0x55f254cc29e9 bp 0x000000000000 sp 0x7ffdc2be4358 T0) #0 0x55f254cc29e9 in ext4_block_set_lb_size /home/labuser/target/2025/lwext4/src/ext4_blockdev.c:127:34 #1 0x55f254cb2b5b in ext4_mount /home/labuser/target/2025/lwext4/src/ext4.c:421:2 #2 0x55f254cb12d1 in ext4g_mount /home/labuser/target/2025/fuzz/ext4_mount_read/src/ext4_glue.c:59:13 #3 0x55f254cb0c7d in LLVMFuzzerTestOneInput /home/labuser/target/2025/fuzz/ext4_mount_read/fuzz_ext4_mount_read.c:17:9 #4 0x55f254caff6d in main /home/labuser/target/2025/fuzz/ext4_mount_read/afl_driver.c #5 0x14563c9e5ca7 (/lib/x86_64-linux-gnu/libc.so.6+0x29ca7) (BuildId: def5460e3cee00bfee25b429c97bcc4853e5b3a8) #6 0x14563c9e5d64 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29d64) (BuildId: def5460e3cee00bfee25b429c97bcc4853e5b3a8) #7 0x55f254bce420 in _start (/home/labuser/target/2025/fuzz/ext4_mount_read/build/afl_ext4_mount_read+0x2d420) (BuildId: 1e30d8e03d665c97f279a29320a11d85b52d6e31) [ref_id=1]

Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.