CVE-2025-70099: n/a
A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).
AI Analysis
Technical Summary
This vulnerability involves a NULL pointer dereference in the ext4_dir_en_get_name_len function within include/ext4_dir.h of lwext4 1.0.0. When iterating over directory entries in an EXT4 filesystem image, if the directory entry pointer is malformed and not validated, accessing the name_len field causes a segmentation fault. This can be triggered by supplying a crafted EXT4 filesystem image with malformed directory entries, resulting in a denial of service condition. The affected codebase corresponds to the 2016-era lwext4 1.0.0 version or equivalent. No CVSS score or remediation details are currently available.
Potential Impact
Successful exploitation causes a denial of service by crashing the process handling the EXT4 filesystem image due to a segmentation fault triggered by a NULL pointer dereference. There is no indication of code execution or data corruption beyond service disruption. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid processing untrusted or malformed EXT4 filesystem images with affected versions of lwext4. Monitor vendor channels for updates regarding patches or workarounds.
CVE-2025-70099: n/a
Description
A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the directory entry pointer before accessing the name_len field, resulting in a segmentation fault. This affects versions based on (or equivalent to) the 2016-era codebase (1.0.0).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a NULL pointer dereference in the ext4_dir_en_get_name_len function within include/ext4_dir.h of lwext4 1.0.0. When iterating over directory entries in an EXT4 filesystem image, if the directory entry pointer is malformed and not validated, accessing the name_len field causes a segmentation fault. This can be triggered by supplying a crafted EXT4 filesystem image with malformed directory entries, resulting in a denial of service condition. The affected codebase corresponds to the 2016-era lwext4 1.0.0 version or equivalent. No CVSS score or remediation details are currently available.
Potential Impact
Successful exploitation causes a denial of service by crashing the process handling the EXT4 filesystem image due to a segmentation fault triggered by a NULL pointer dereference. There is no indication of code execution or data corruption beyond service disruption. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, avoid processing untrusted or malformed EXT4 filesystem images with affected versions of lwext4. Monitor vendor channels for updates regarding patches or workarounds.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1de930e29bf47b503e82cf
Added to database: 6/1/2026, 8:18:56 PM
Last enriched: 6/1/2026, 8:34:36 PM
Last updated: 6/2/2026, 4:59:59 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.