CVE Catalog

CVE-2025-70100

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

A divide-by-zero vulnerability in the ext4_block_set_lb_size function of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image with a zero logical block size. The issue occurs during mount or image processing, leading to a Floating-Point Exception (FPE) under sanitizers or a runtime crash in standard builds due to missing validation of lb_size.

Risk Assessment

The organization is exposed to DoS attacks that can disrupt systems using the lwext4 library for ext4 image handling, especially in embedded environments or filesystem analysis tools.

Recommendation

Update the lwext4 library to a version that includes a fix validating lb_size before use in division, or apply a temporary workaround by verifying ext4 images before processing.

Original NVD description (English source)

A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount or image processing and leads to a Floating-Point Exception (FPE) under sanitizers or a runtime crash in standard builds due to missing validation of lb_size.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS