CVE-2024-25739 Information

Description

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes and crash because of a missing check for ubi->leb_size.

Reference

https://www.spinics.net/lists/kernel/msg5074816.html https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg