CVE-2025-70100: n/a
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount or image processing and leads to a Floating-Point Exception (FPE) under sanitizers or a runtime crash in standard builds due to missing validation of lb_size.
AI Analysis
Technical Summary
This vulnerability arises from missing validation of the logical block size (lb_size) in the ext4_block_set_lb_size function within the lwext4 1.0.0 library. When an attacker provides a malformed ext4 filesystem image with a zero lb_size, the function performs a divide-by-zero operation, causing a denial of service. The issue manifests as a Floating-Point Exception under sanitizers or a crash in standard builds during mounting or image processing of the filesystem.
Potential Impact
Successful exploitation causes denial of service by crashing the process handling the ext4 filesystem image. This can disrupt systems or applications relying on lwext4 for ext4 filesystem mounting or image processing. There is no indication of code execution or data corruption beyond the denial of service.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid processing untrusted or malformed ext4 filesystem images with lwext4 1.0.0 to prevent triggering this vulnerability.
CVE-2025-70100: n/a
Description
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 filesystem image that results in a zero logical block size. The vulnerability is triggered during mount or image processing and leads to a Floating-Point Exception (FPE) under sanitizers or a runtime crash in standard builds due to missing validation of lb_size.
CVSS v3.1
Score 5.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from missing validation of the logical block size (lb_size) in the ext4_block_set_lb_size function within the lwext4 1.0.0 library. When an attacker provides a malformed ext4 filesystem image with a zero lb_size, the function performs a divide-by-zero operation, causing a denial of service. The issue manifests as a Floating-Point Exception under sanitizers or a crash in standard builds during mounting or image processing of the filesystem.
Potential Impact
Successful exploitation causes denial of service by crashing the process handling the ext4 filesystem image. This can disrupt systems or applications relying on lwext4 for ext4 filesystem mounting or image processing. There is no indication of code execution or data corruption beyond the denial of service.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid processing untrusted or malformed ext4 filesystem images with lwext4 1.0.0 to prevent triggering this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2037c3e29bf47b50c14d98
Added to database: 6/3/2026, 2:18:43 PM
Last enriched: 6/3/2026, 2:49:20 PM
Last updated: 6/4/2026, 5:08:00 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.