MNBSD-2025-1: Buffer overflow in some filesystems via NFS

Severity: Unknown

Affected Package: fs

Summary: Buffer overflow in some filesystems via NFS

Description

In order to export a file system via NFS, the file system must define a file system identifier (FID) for all exported files. Each file system implements operations to translate between FIDs and vnodes, the kernel's in-memory representation of files. These operations are VOP_VPTOFH(9) and VFS_FHTOVP(9). On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow.

Affected Versions

fs

Specific versions:

Recommendations

Update to MidnightBSD 3.2.2 release by using the normal update procedure.

References

Additional Information

Aliases: FreeBSD-SA-25:02.fs, CVE-2025-0373

Published: March 24, 2025
Last Modified: March 24, 2025