QSearchQSearch

CVE-2025-70100

5.5 MEDIUM

A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers...

Published: 2026-06-03 · Last updated: 2026-06-05

Severity and scoring

CVSS
5.5 MEDIUM
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE
CWE-369

Affected products

VendorProduct
gkostkalwext4

Description

A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount or image processing and leads to a Floating-Point Exception (FPE) under sanitizers or a runtime crash in standard builds due to missing validation of lb_size.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2025-70101 An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a... (6.5 MEDIUM)

Same CWE

  • CVE-2026-37232 An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation (8.6 HIGH)
  • CVE-2026-10201 A vulnerability was determined in Assimp up to 6.0.4 (3.3 LOW)
  • CVE-2026-46184 In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity ch... (5.5 MEDIUM)
  • CVE-2026-46161 In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies s... (5.5 MEDIUM)
  • CVE-2026-46470 An issue was discovered in GStreamer gst-plugins-good before 1.28.2 (4.0 MEDIUM)